Closed pavel-odintsov closed 9 years ago
could be done via for instance exabgp monitor feature, or via bird (which can learn from kernel routing tables: I have a setup on a honeypot search where fail2ban adds bad hosts to unreachable kernel routing table, and birds picks those up and blackholes them via bgp). Let me know if you need feedback/input/.. :)
Could you share your experience with exabgp monitor feature? It's looks very interesting!
Well, we could implement it on top of PIPE feature of exabgp: https://github.com/Exa-Networks/exabgp/issues/244
Btw, we could add ability to specify community number for announce.
Best bet would be adding a bgp community to the ip and advertise it to the router. On the router configuration it's easy to set a policy that blackhole or null-route any received route with the community $x .
Yep, so good idea. I need some time for deploying test env with Quagga.
I found awesome guide for this task https://www.m00nie.com/2014/01/bgp-rtbh-setup-using-exabgp/
Well, my test env have just deployed: http://www.stableit.ru/2015/04/quagga-bgp-and-exabgp-work-together-for.html
I will start my work for integration shortly.
Implemented:) Testers are welcome! Reference guide here: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/EXABGP_INTEGRATION.md
Subject
It's more standard and reliable way to ban IPs.