Hi Michael, On 12/30/2013 10:17 AM, Michael Hallgren wrote:
I suggest you get in touch with your upstreams networks (providers), asking them to drop that traffic at their edge. Better than the call NOC approach, they may provide you means to signal this for example by using BGP community values. (Further down the road, they may provide more fine grained means. You know the nature of the attack? And you may want to look into local ways of more service specific protection. However, as a first step you need to clear out congestion of your upstreams links.)
Yes, I'll contact them and see if they implement RFC3882. I'm not currently under attack, but in the past using a simple iptables rule on the router has proved effective to at least get the rest of my network up again. I'm just trying to achieve the same from Bird now, hence the blackhole routes. Cheers, Andre