[afnog] BGP issues and strange traffic

Folarin Oluwafemi folarin077 at gmail.com
Thu Feb 25 10:33:47 UTC 2016


I was able to run Unix OPENBGPD platform and Snort IDS to highly suppress
the attack.

Meanwhile, I will take note of the contributions mentioned earlier and try
them out.

Also, my ISP said I should get a perimeter firewall like the Cisco ASA 5500
series.

Thanks to everyone.

Warm Regards.

On Thu, Feb 25, 2016 at 10:44 AM, Dewole Ajao <dewole at tinitop.com> wrote:

> Sorry, we're 4 days late to the rescue... Dropping the incoming DNS
> traffic will fix it but tomorrow it will be some other service so ideally
> you should filter out access to all local services from your WAN
> interfaces. Wrote
> http://dewoleajao.com/blog2/remote-rogues-spoiling-your-web-experience
> last year after seeing same at many Mikrotik all-in-one router sites.
>
> And you should join
> http://abuja.forum.org.ng/mailman/listinfo/ngnog-discuss too ;-)
>
> All the best!
> Dewole.
>
> On 2/21/2016 11:24 PM, Folarin Oluwafemi wrote:
>
> Hello Group Members,
>
> I recently did BGP peering with my upstream provider and everything was
> fine until a few days' time, when I observed strange traffic from the
> interface of my WAN.
>
> What I saw using the torch tool (network real-time monitor) on Mikrotik was
> traffic hitting my WAN interface from IP prefixes from unknown locations,
> hitting my router for DNS service, that I can't explain.
>
> I disabled my LAN public IP block of 196.13.111.0/24 and observed keenly
> the scenario and still observed high traffic coming in.
>
> Because of this act, I have not been able to enjoy good internet service
> from my provider.
>
>
> Any filtering mechanism that can be used or how this attack can be
> mitigated.
>
> Attached is the snapshot of what I am referring to.
>
> *ETHER 5 is the interface facing my ISP*
>
> *ETHER 3 is my LAN interface 196.13.111.0/24, disabled*
>
> I need assistance from the group in helping out.
>
> Regards.
> --
> I am what God says I am
>
>
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
>
>
>


-- 
I am what God says I am
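
The WAN-side filtering suggested in the quoted reply, written out as an added example that is not part of the original thread or any poster's configuration. It assumes RouterOS v6 syntax, uses ether5 (WAN) and ether3 (LAN) as named in the thread, and uses 192.0.2.1 as a placeholder for the upstream BGP peer address.

```routeros
# Added example. Rules are evaluated top to bottom, so order matters.
/ip firewall filter

# Replies to traffic the router itself started (its own DNS lookups,
# outbound BGP session, NTP) must still get back in.
add chain=input connection-state=established,related action=accept \
    comment="replies to router-originated traffic"
add chain=input connection-state=invalid action=drop \
    comment="packets that match no known connection"

# Keep the BGP session with the upstream alive before anything is dropped.
# 192.0.2.1 is a placeholder: substitute the real peer address.
add chain=input in-interface=ether5 protocol=tcp dst-port=179 \
    src-address=192.0.2.1 action=accept comment="BGP from upstream peer only"

# ICMP is needed for path MTU discovery and basic diagnostics.
add chain=input protocol=icmp action=accept comment="ICMP"

# LAN clients may keep using the router's resolver and management services.
add chain=input in-interface=ether3 action=accept comment="services for LAN"

# Explicit DNS drops: redundant with the final rule, but their counters
# show how much of the unsolicited traffic is DNS.
add chain=input in-interface=ether5 protocol=udp dst-port=53 action=drop \
    comment="DNS queries from WAN"
add chain=input in-interface=ether5 protocol=tcp dst-port=53 action=drop \
    comment="DNS over TCP from WAN"

# Everything else addressed to the router from the WAN side: no local
# service is reachable, whichever one is probed next.
add chain=input in-interface=ether5 action=drop \
    comment="no local services exposed on WAN"

# Check the per-rule packet and byte counters afterwards.
/ip firewall filter print stats
```

Dropping on the input chain stops the router from answering, but the queries still arrive over the link until the senders stop or the upstream filters them.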