pavel-odintsov / fastnetmon

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
https://fastnetmon.com
GNU General Public License v2.0

Exabgp announces 0.0.0.0/0 instead of subnet #894

Open teunis90 opened 3 years ago

teunis90 commented 3 years ago

Exabgp announces 0.0.0.0/0 instead of subnet

If I enable "exabgp_announce_whole_subnet" and an IP is banned, the default route 0.0.0.0/0 gets advertised over BGP, instead of the whole subnet in the networks_list.

OS/version: community version 1.1.7 on debian10 LXC container

capture: netflow/ipfix from juniper router

networks_list:

Attachments:

Added fastnetmon.conf as .txt file because of GitHub's file extension restrictions.

pavel-odintsov commented 3 years ago

Thank you so much for the report!

pavel-odintsov commented 3 years ago

Does it happen when FastNetMon triggers a ban automatically?


```
2020-12-04 12:25:35,777 [INFO] API we asked for ban for IP: 192.168.10.6
2020-12-04 12:25:35,777 [INFO] API call ban handlers manually
2020-12-04 12:25:35,777 [INFO] Call script for ban client: 192.168.10.6
2020-12-04 12:25:35,777 [INFO] Script for ban client is finished: 192.168.10.6
2020-12-04 12:25:35,777 [INFO] Call ExaBGP for ban client started: 192.168.10.6
2020-12-04 12:25:35,777 [INFO] Call to ExaBGP for ban client is finished: 192.168.10.6
2020-12-04 12:25:35,778 [INFO] ExaBGP announce message: announce route 0.0.0.0/0 next-hop 192.168.255.71 community 65001:567

2020-12-04 12:25:35,778 [INFO] ExaBGP announce message: announce route 192.168.10.6/32 next-hop 192.168.255.71 community 65001:234

2020-12-04 12:26:05,110 [INFO] API: We asked for unban for IP: 192.168.10.6
2020-12-04 12:26:05,110 [INFO] API: call unban handlers
2020-12-04 12:26:05,110 [INFO] We will unban banned IP: 192.168.10.6 because it ban time 0 seconds is ended
2020-12-04 12:26:05,110 [INFO] Call script for unban client: 192.168.10.6
2020-12-04 12:26:05,110 [INFO] Script for unban client is finished: 192.168.10.6
2020-12-04 12:26:05,110 [INFO] Call ExaBGP for unban client started: 192.168.10.6
2020-12-04 12:26:05,110 [INFO] Call to ExaBGP for unban client is finished: 192.168.10.6
2020-12-04 12:26:05,111 [INFO] API: remove IP from ban list
2020-12-04 12:26:05,111 [INFO] ExaBGP announce message: withdraw route 0.0.0.0/0 next-hop 192.168.255.71

2020-12-04 12:26:05,111 [INFO] ExaBGP announce message: withdraw route 192.168.10.6/32 next-hop 192.168.255.71
```

I see that this one was triggered manually and in this case we skip network lookup.
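
An added example, not part of this thread or of FastNetMon's code: a log audit that flags ExaBGP messages carrying a default route or a prefix outside the configured networks, as in the log above. The `NETWORKS_LIST` value and the last sample line are constructed, because the issue does not show the configured networks.

```python
import ipaddress
import re

# Constructed stand-in for networks_list; the issue does not show its contents.
NETWORKS_LIST = [ipaddress.ip_network("192.168.10.0/24")]

# First four lines are copied from the log in this thread; the fifth is constructed
# to show what a whole-subnet announcement inside networks_list would look like.
SAMPLE_LOG = """\
2020-12-04 12:25:35,778 [INFO] ExaBGP announce message: announce route 0.0.0.0/0 next-hop 192.168.255.71 community 65001:567
2020-12-04 12:25:35,778 [INFO] ExaBGP announce message: announce route 192.168.10.6/32 next-hop 192.168.255.71 community 65001:234
2020-12-04 12:26:05,111 [INFO] ExaBGP announce message: withdraw route 0.0.0.0/0 next-hop 192.168.255.71
2020-12-04 12:26:05,111 [INFO] ExaBGP announce message: withdraw route 192.168.10.6/32 next-hop 192.168.255.71
2020-12-04 12:30:00,000 [INFO] ExaBGP announce message: announce route 192.168.10.0/24 next-hop 192.168.255.71 community 65001:567
"""

ROUTE_RE = re.compile(
    r"ExaBGP announce message: (announce|withdraw) route (\S+) next-hop (\S+)"
)


def audit_announcements(log_text, networks):
    """Return (line_no, action, prefix, reason) for each route outside policy."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = ROUTE_RE.search(line)
        if not match:
            continue
        action, raw_prefix = match.group(1), match.group(2)
        try:
            prefix = ipaddress.ip_network(raw_prefix, strict=True)
        except ValueError:
            findings.append((line_no, action, raw_prefix, "unparseable prefix"))
            continue
        if prefix.prefixlen == 0:
            reason = "default route"
        elif not any(prefix.version == net.version and prefix.subnet_of(net)
                     for net in networks):
            reason = "outside networks_list"
        else:
            continue  # host route or subnet covered by networks_list
        findings.append((line_no, action, str(prefix), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_announcements(SAMPLE_LOG, NETWORKS_LIST):
        print(finding)
```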

teunis90 commented 3 years ago

I tested again but now with automatic trigger instead of manual trigger. That works OK. So with automatic trigger the subnet from the networks_list does get announced.

pavel-odintsov commented 3 years ago

Excellent! Thank you for confirming!

pavel-odintsov commented 3 months ago

We reworked this logic but this issue is still here :(