Comments on sFlow: DDoS Blackhole
Updated: 2024-02-13T07:05:41.069-08:00

Peter (2017-07-08T10:52:29.808-07:00):
There are a number of additional examples on this blog; click on the <a href="http://blog.sflow.com/search/label/DoS" rel="nofollow">DoS</a> label to see the articles.

If you are using Mininet then you might be interested in <a href="http://blog.sflow.com/2016/05/mininet-flow-analytics.html" rel="nofollow">Mininet flow analytics</a> and <a href="http://blog.sflow.com/2016/05/mininet-dashboard.html" rel="nofollow">Mininet dashboard</a>.

You can write your application using the REST API or the internal JavaScript API, see <a href="http://sflow-rt.com/writing_applications.php" rel="nofollow">Writing Applications</a>.

Anonymous (2017-07-08T07:32:51.585-07:00):
Must it use BGP?
I am using Mininet to simulate a network environment, and want to use the DDoS blackhole to detect DDoS attacks, but I don't use BGP. What should I do?

Peter (2017-07-07T07:46:07.261-07:00):
You need to set the address groups; the following article gives a description: <a href="http://blog.sflow.com/2017/06/remotely-triggered-black-hole-rtbh.html" rel="nofollow">Remotely Triggered Black Hole (RTBH) Routing</a>.

Anonymous (2017-07-06T23:39:38.812-07:00):
Hi, I can't see the traffic. Can you explain specifically how to configure it?

Peter (2017-04-19T22:27:53.893-07:00):
You need to configure the IP Address Groups and add additional group(s) containing the globally routable CIDRs for your servers. The address groups are used to identify local, non-local and non-routable address spaces. Traffic from external addresses to local globally routable addresses is monitored for DDoS attacks.

Once you have the groups configured you should start to see traffic under the charts tab.

Anonymous (2017-04-19T22:10:34.981-07:00):
Hi Mr. Peter.
Can you explain specifically where the ip route command should be applied? I tried it in the sflow-rt dir and in a new terminal, and both failed. Last, I tried the curl command curl http://localhost:8008/script/ddos.js/json?action=enable {"controls":{},"enabled":true}, and still the controls on the DDoS application show nothing. Thank you.

Peter (2015-12-17T16:43:57.833-08:00):
Thanks for the information about Level 3. There is rudimentary BGP support built into sFlow-RT, <a href="http://blog.sflow.com/2015/10/active-route-manager.html" rel="nofollow">Active Route Manager</a>, but BGP Communities aren't yet supported.

In the meantime, you could probably replace the TCL/Expect script with a script that uses <a href="https://github.com/Exa-Networks/exabgp" rel="nofollow">ExaBGP</a>.

Carl Fugate (2015-12-17T16:35:06.039-08:00):
Even better if your ISP supports RTBH via BGP Communities. Level 3 allows you to trigger it with the following community (or at least used to):

3356:9999 - blackhole (discard) traffic