Posted in DDoS

FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 6

Configuration on Quagga routers

Quagga1# show running-config
    hostname Quagga1
    log file /var/log/quagga/quagga.log
    hostname bgpd
    log stdout
    password zebra
    enable password zebra
    interface eth0
    ipv6 nd suppress-ra
    interface lo
    router bgp 100
    bgp router-id 10.10.12.1
    bgp log-neighbor-changes
    redistribute static metric  route-map bh-trigger
    neighbor 10.10.12.2 remote-as 100
    neighbor 10.10.12.3 remote-as 100
    …


FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 5

3. BGP sessions

a) Configure Quagga1 and Quagga2

Install quagga and start bgpd and zebra daemons.

bash-4.2# systemctl start bgpd
bash-4.2# systemctl start zebra

Connect to the configuration console using vtysh. If all sessions are valid you’ll see something similar in exabgp logs:

14:05:40 | 464 | reactor | loaded new configuration…


FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 4

2) Generate sFlow traffic

Send some sFlow traffic to FastNetMon from an external machine: the machine with IP 192.168.122.1, marked with hsflowd in the schema. From a Linux machine with hsflowd installed (https://sflow.net/downloads.php) we are sending traffic to the FastNetMon machine. Hsflowd has the following configuration:

cat /etc/hsflowd.conf
sflow {
DNSSD=off…


FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 3

Now it’s time to start FastNetMon

1.a) Server side:

bash-4.2# cd /opt/fastnetmon/
bash-4.2# ./fastnetmon --daemonize --configuration_file /etc/fastnetmon.conf --log_file /var/log/fastnetmon.log

Verify if working:

bash-4.2# ps -ef | grep fast
root 363 1 0 13:23 ? 00:00:00 ./fastnetmon --daemonize --configuration_file /etc/fastnetmon.conf --log_file /var/log/fastnetmon.log

1.b) Client side:

From the same directory from where we have started…


FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 2

As a BGP daemon we are using quagga, which is easy to install on every Linux distro. We are automating the process behind RTBH (Remotely-Triggered Black Hole), which is a very good tool for protecting us in case of a DDoS. Routers Quagga1 – Quagga4 compose the network, and router…


FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 1

In this scenario I would like to introduce you to FastNetMon, ExaBGP and BGP in order to cut DDoS attacks. FastNetMon (https://fastnetmon.com/) is a DDoS detection tool. The proof of concept is presented in the following picture. The whole scenario is built on a Linux environment, an environment that supports all the…
