[afnog] BGP issues and strange traffic
Austin Uwudia
auwudia at swifttalk.net
Thu Feb 25 08:49:33 UTC 2016
Hi Femi,
You can do this…
Go to Routing BGP
1. Under BGP instances go to “Out Filter, pull down and select ‘Internet-Allowed-Out’”
2. Under BGP Peers (General), “In filter: Select Dynamic-In”. Enable “Remove Private AS”
Go to Routing Filter
1. Under Route Filters, add a new filter – Chain=Dynamic-In. Action = discard
2. Add another filter – Chain=Internet-Allowed-Out. Action=Accept. Prefix=your prefix (196.13.111.0/24)
You add as many prefixes as you have.
That should solve your problem.
Thanks,
Austin
From: afnog [mailto:afnog-bounces at afnog.org] On Behalf Of Folarin Oluwafemi
Sent: 21 February 2016 23:24
To: afnog at afnog.org
Subject: [afnog] BGP issues and strange traffic
Hello Group Members,
I recently did BGP peering with my upstream provider and everything was fine until a few days
ago, when I observed strange traffic from the interface of my WAN.
What I saw using the torch tool (network real-time monitor) on Mikrotik was traffic hitting my WAN
interface from IP prefixes from unknown locations, hitting my router for DNS service, that I can't
explain.
I disabled my LAN public IP block of 196.13.111.0/24 and observed the scenario keenly and still
observed high traffic coming in.
Because of this act, I have not been able to enjoy good internet service from my provider.
Is there any filtering mechanism that can be used, or how can this attack be mitigated?
Attached is the snapshot of what I am referring to.
ETHER 5 is the interface facing my ISP
ETHER 3 is my LAN interface 196.13.111.0/24 disabled
I need assistance from the group in helping out.
Regards.
--
I am what God says I am