In most big enterprises and MSSPs, the need exists for BGP route injection for blackholing. I wrote about an open-source Python BGP daemon earlier: http://socpuppet.blogspot.com/2020/12/using-yabgp-for-blackhole-injection.html. Here is goBGPD, which is the next evolution for open-source routing.
goBGPD is another simple means of doing this and is great if you want to inject routes. Most of the time we collect C&C and malicious addresses from the IPS/IDS/SIEM, run them through a check, and then inject the ip.list.
Let's look at a simple configuration file
/* 192.168.1.99 is a FGT firewall fwiw
Now to craft routes, we can do a simple for loop and read in a list of addresses from a file.
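One way to do the check-and-inject step, as an added example (not the loop from the original post): it vets each line of the list and prints one gobgp command per surviving /32. The ALLOWLIST variable, the function names and the sample feed are assumptions made up for this example.

```sh
#!/bin/sh
# Added example: vet an indicator list, then print gobgp commands for the /32s.
# ALLOWLIST, the function names and the sample feed are assumptions.
ALLOWLIST="${ALLOWLIST:-192.168.1.99}"   # never blackhole these (here: the BGP peer)

# valid_ipv4 ADDR: succeed only for a dotted quad, octets 0-255, no leading zeros.
# Rejecting every other character also keeps shell metacharacters out of the output.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blackhole_cmds: candidate addresses on stdin, one gobgp command per vetted /32
# on stdout (duplicates removed); rejected lines are reported on stderr.
blackhole_cmds() {
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, blanks, CRs
        [ -n "$ip" ] || continue
        if ! valid_ipv4 "$ip"; then
            echo "skip (not an IPv4 host address): $ip" >&2; continue
        fi
        case " $ALLOWLIST " in
            *" $ip "*) echo "skip (allowlisted): $ip" >&2; continue ;;
        esac
        printf 'gobgp global rib add %s/32 -a ipv4\n' "$ip"
    done | awk '!seen[$0]++'
}

sample_list() {   # constructed sample feed, not real indicators
    cat <<'EOF'
# export from SIEM (constructed)
203.0.113.10
198.51.100.7   # C&C
203.0.113.10
192.168.1.99
10.0.0.256
198.51.100.9; reboot
EOF
}

sample_list | blackhole_cmds   # prints two commands; pipe to sh only after review
```

To advertise for real, run blackhole_cmds < ip.list | sh on the GoBGP host once the skipped lines on stderr have been reviewed.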
GoBGP has a CLI controller that is simple and mimics the classic legacy Merit GateD; just type gobgp --help to see your options.
You can do just about everything; see just a few samples below:
Disable and re-enable a BGP peer
GoBGP has been around for some time, supports numerous SAFIs, and is easy to manage for RTBH or for injecting specific /32s into a firewall so that uRPF introduces a failure and traffic to or from the firewall will be dropped.
A list of 1000k /32s took me only 9 seconds to advertise via goBGP on a small-footprint Ubuntu server and a FGT100D.
NSE ( network security expert) and Route/Switching Engineer