Month: December 2019
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 6
Configuration on Quagga routers Quagga1# show running-config hostname Quagga1 log file /var/log/quagga/quagga.log hostname bgpd log stdout password zebra enable password zebra interface eth0 ipv6 nd suppress-ra interface lo router bgp 100 bgp router-id 10.10.12.1 bgp log-neighbor-changes redistribute static metric route-map bh-trigger neighbor 10.10.12.2 remote-as 100 neighbor 10.10.12.3 remote-as 100 …
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 5
3. BGP sessions
a) Configure Quagga1 and Quagga2
Install quagga and start bgpd and zebra daemons. bash-4.2# systemctl start bgpd bash-4.2# systemctl start zebra Connect to the configuration console using vtysh. If all sessions are valid you’ll see something similar in exabgp logs: 14:05:40 | 464 | reactor | loaded new configuration…
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 4
2) Generate sflow traffic
Send some sflow traffic to FastNetMon from an external machine: the machine with IP 192.168.122.1, marked with hsflowd in the schema. From a Linux machine with hsflowd installed (https://sflow.net/downloads.php) we are sending traffic to the FastNetMon machine. Hsflowd has the following configuration: cat /etc/hsflowd.conf sflow { DNSSD=off…
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 3
Now it’s time to start FastNetMon
1.a) Server side:
bash-4.2# cd /opt/fastnetmon/
bash-4.2# ./fastnetmon --daemonize --configuration_file /etc/fastnetmon.conf --log_file /var/log/fastnetmon.log
Verify if working:
bash-4.2# ps -ef | grep fast
root 363 1 0 13:23 ? 00:00:00 ./fastnetmon --daemonize --configuration_file /etc/fastnetmon.conf --log_file /var/log/fastnetmon.log
1.b) Client side: From the same directory from where we have started…
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 2
As a BGP daemon we are using Quagga, which is easy to install on every Linux distro. We are automating the process behind RTBH (Remotely-Triggered Black Hole), which is a very good tool for protecting us in case of a DDoS. Routers Quagga1 – Quagga4 compose the network, and router…
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 1
In this scenario I would like to introduce you to FastNetMon, ExaBGP and BGP in order to cut DDoS attacks. FastNetMon (https://fastnetmon.com/) is a DDoS detection tool. The proof of concept is presented in the following picture. The whole scenario is built on a Linux environment, an environment that supports all the…