You can automate all of this with Made4Flow, already closing a direct session and not having to do manual work.
\n Let’s go to the settings then<\/strong>\n <\/p>\n\n \n 1 \u2013 Identify the attacked IP<\/strong>\n <\/p>\n\n You can do this through Netflow analysis, as in Made4Flow, through the graphs and identify through the Raw Data Report, which IP has the most traffic and possibly being the victim of the attack. Or through Made4Flow, simply by accessing the Anti-DDoS module -> Active Anomalies<\/p>\n\n The attacked IP was: 200.189.56.55 (Example)<\/p>\n\n \n 2) Create a route to Discard (Blackhole)<\/strong>\n <\/p>\n\n After identifying the attacked IP via Made4Flow it is now time to create the route in your Juniper Router to effectively play the IP to Blackhole or Discard<\/p>\n\n Let’s assume that the attacked IP is 200.200.200.1, let’s create the route as follows<\/p>\n\n Applied commands:<\/p>\n\n configure After applying the route pointing to Discard that IP will STOP WORKING!<\/strong><\/p>\n\n You can check the route using the show command:<\/p>\n\n If the route is showing as Discard, you are already sending it to Blackhole<\/p>\n\n \n 3 – Announce the IP in blackhole via BGP to your operators\/upstreams<\/strong>\n <\/p>\n\n After identifying and blackhole the route you need to advertise via BGP to your operators\/upstreams.<\/p>\n\n Before configuration, it is always recommended to talk to your Operator\/Upstream to find out which Blackhole BGP community is. For this we have a few steps:<\/p>\n\n To configure the blackhole community so that it can be used later, we need to run the following command:<\/p>\n\n Command: If it is necessary to add more communities, apply the same command changing the community name and number<\/p>\n\n Tip<\/strong>: Talk to your operator to find out which BGP blackhole community they use<\/p>\n\n To configure the sending of Blackhole in the policy-statement, you must first identify the policy used in the BGP session with the Operator and then configure to accept the Blackhole Route within a term<\/p>\n\n In our example, where the IP 200.200.200.1\/32 is attacked, we will use the following command: Create a new term already with the attacked IP:<\/p>\n\n Next step is to accept the route within this term<\/p>\n\n Next step is to add the previously created community<\/p>\n\n Next step is to change the order of the policy, so that the term containing the blackhole route is at the top as possible, we will use the insert command<\/p>\n\n We can validate with the show command that the configuration is correct:<\/p>\n\n All commands used:<\/p>\n\n configure exclusive You can validate if you are advertising the route using the command show route advertising-protocol bgp 192.168.100.1<\/p>\n\n Once this is done, the IP will remain in blackhole and announced to your operator, the attack will cease if it goes to this single IP. \n Automating with Made4Flow<\/strong>\n <\/p>\n\n With Made4Flow it is possible to automate the blackhole announcement process of attacked IPs. To configure the BGP session between the Router and Made4Flow, you need to create a Policy and then the BGP session<\/p>\n\n To configure policy, use the commands<\/p>\n\n Commands used: In this case we are also already added Next-hop manually in the router.<\/p>\n\n Within Made4Flow, you can already advertise with the correct BGP and Next-hop community if you prefer.<\/p>\n\n Configure the BGP session with Made4Flow, in our case we are going to use an iBGP, with the following configurations in the Juniper Router<\/p>\n\n Commands used:<\/p>\n\n Configure Tip<\/strong>: remember to delete the blackhole routes manually, in our example: delete routing-options static route 200.200.200.1\/32<\/p>\n\n Within the Anti-DDoS Module, you can access the menu: Actions and Responses and configure the response to send the Blackhole with the correct BGP community:<\/p>\n\n \n To configure to send to the operators\/upstreams you need to configure a BGP community to be used in the term of the Policy with the Operator.<\/p>\n\n For this we need to set up a community<\/p>\n\n Comando: set policy-options community cm_blackhole_Made4Flow members 666:666<\/p>\n\n The next step is to configure your operator\/upstream Policy, as in sending the blackhole, but now matching the community in the Term, as in our configuration: -l<\/p>\n\n Configure To check if you are sending the announcement to the operator use the commands:<\/p>\n\n Check if you receive from Made4Flow<\/p>\n\n Comando: show route receive-protocol bgp 192.168.120.2<\/p>\n\n And if you are sending to the operator:<\/p>\n\n Comando: show route advertising-protocol bgp 192.168.100.1<\/p>\n\n Having made these settings, the automation of Made4Flow is ready<\/strong>. Upon receiving an attack, Made4Flow can now send this route to Blackhole.<\/p>\n\n To make it easier, we have the video below, showing in practice how to configure the Juniper Router with Blackhole.<\/p>\n\n \n\n ![\"\"](\"https:\/\/www.made4it.com.br\/wp-content\/uploads\/2021\/09\/1.png\")
<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n<\/a><\/figure>\n\n