-- README --
Nfsen BlackHole plugin
The purpose of this Nfsen plugin is to inject prefixes (/32) into the router's routing table via a BGP community. With a properly applied routing policy this can be used to mitigate DDoS attacks (RTBH).
TODO: Make the installation script use the config array! Repair the PHP table!
Installation:
install monit
FreeBSD: pkg install monit-5.8.1
Debian: apt-get install monit
cd TEST && tar zxvf blackHole.tgz
copy blackHole.pm in $BACKEND_PLUGINDIR
copy bgp_simple_restart.sh in $BACKEND_PLUGINDIR
copy bgp_simple.pl in $BACKEND_PLUGINDIR
copy blackHole.php in $FRONTEND_PLUGINDIR
in the $VARDIR directory (in my case $VARDIR="${BASEDIR}/var/nfsen" with $BASEDIR = "/usr/local", i.e. /usr/local/var/nfsen) create:
touch blackhole-pref.td2 && chown www:www blackhole-pref.td2
touch blackHole.plugin.log && chown www:www blackHole.plugin.log
NFSEN Configuration:
check file blackhole with path /usr/local/var/nfsen/blackhole-pref.td2
alert root@localhost on {timestamp,permission}
if changed timestamp then alert
if changed timestamp
then exec "/usr/local/libexec/nfsen/plugins/bgp_simple_restart.sh"
---
edit bgp_simple_restart.sh
edit nfsen.conf and add [ '*', 'blackHole' ], to the @plugins array
edit blackHole.pm file and change community!!!! ( line 60 )
Router Configuration:
Usage:
NFsen Frontend Web Plugins --> blackHole --> edit table: add or delete prefix WITHOUT mask.
Verify:
Check received prefixes from the nfsen server (from local router):
user@Juniper> show route receive-protocol bgp 10.113.0.5 detail
xx.xx.xx.222/32 (1 entry, 1 announced) Accepted Nexthop: 10.113.0.5 Localpref: 100 AS path: I AS path: Recorded Communities: MYAS:9999
xx.xx.xx.223/32 (1 entry, 1 announced) Accepted Nexthop: 10.113.0.5 Localpref: 100 AS path: I AS path: Recorded Communities: MYAS:9999
yy.yy.yy.134/32 (1 entry, 1 announced) Accepted Nexthop: 10.113.0.5 Localpref: 100 AS path: I AS path: Recorded Communities: MYAS:9999
Check the communities advertised upstream for those routes to other ISPs, if you have an agreement with those ISPs for black hole communities:
user@Juniper-Edge> show route advertising-protocol bgp nei.gh.bour.ip xx.xx.xx.222/32 detail
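
The Usage step takes bare addresses from a web-editable table and announces them as /32 blackhole routes, so a check like the following can screen entries before they are announced. This is an added example, not part of the plugin; the allowed ranges, protected address, entry cap and one-entry-per-string input are assumptions.

```python
import ipaddress

# Constructed values (assumptions, not from the plugin): the address space this
# AS may blackhole, addresses that must never be blackholed, and an entry cap.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
PROTECTED = {ipaddress.ip_address("192.0.2.1")}  # e.g. a router or BGP peer address
MAX_ENTRIES = 50  # bounds the effect of a bulk or mistaken edit


def check_entries(lines, allowed=ALLOWED_NETS, protected=PROTECTED, limit=MAX_ENTRIES):
    """Split submitted entries into (accepted, rejected).

    accepted: list of host addresses that passed every check, in input order.
    rejected: list of (entry, reason) pairs.
    """
    accepted, rejected = [], []
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        if "/" in entry:  # the table takes prefixes WITHOUT mask
            rejected.append((entry, "mask"))
            continue
        try:
            addr = ipaddress.IPv4Address(entry)
        except ipaddress.AddressValueError:
            rejected.append((entry, "invalid"))
            continue
        if str(addr) in accepted:
            rejected.append((entry, "duplicate"))
        elif addr in protected:
            rejected.append((entry, "protected"))
        elif not any(addr in net for net in allowed):
            rejected.append((entry, "outside"))
        elif len(accepted) >= limit:
            rejected.append((entry, "limit"))
        else:
            accepted.append(str(addr))
    return accepted, rejected


# Constructed sample input, one entry per string.
SAMPLE = ["192.0.2.55", "192.0.2.55", "198.51.100.7/32", "192.0.2.1",
          "203.0.113.9", "10.0.0.300", "  198.51.100.20 "]

if __name__ == "__main__":
    ok, bad = check_entries(SAMPLE)
    print("announce as /32:", ok)
    for entry, reason in bad:
        print("rejected:", entry, "->", reason)
```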