Block any traffic to gateway ip range ? DDOS/UDP Protect

CristianD · March 27, 2021, 11:22am

Hello guys,

In the last days we have some UDP DDOS on some ips, we have fastnetmon with blackhole to blackhole ips but the problem is now, this guy who make DDOS it makes now right on the gateway subnet

We set on router firewall all-ping disable but still can UDP the gateways of ower ip ranges.

on the eth5 we have set the gateways.

Is there a way to protect this gateways for not respondig somehow but not to affect ower servers ?
If we blackhole .1 i think the entire ip range will not work, i dint try

Thank you

Dmitry · March 27, 2021, 11:37am

Hello @CristianD , it will be good to draw a detailed diagram with described IP and attack packet signatures.

Is this DDoS or DOS?

CristianD · March 27, 2021, 11:54am

Hello,
Whell i dont know if is DDoS or DOS to be onest for me both ar same but o show on the providers network i added picture and on fastnetmon i sow

Ban list:
XXXX.88.1/24228 pps incoming

How can i give you diagram and attack packet signatures.? or whant do you mean by diagram for me is a strange word sorry

Viacheslav · March 27, 2021, 12:15pm

You can try to blackhole with distance 254 and tag 666

Route map match tag 666 set community xxx:666(community black hole your isps)

But you can lost management and services such ntp/dns to your host

It’s allow you to connect to the router via LAN network

CristianD · March 27, 2021, 3:13pm

Yep this is the think we have blackhole but i was afraind to set on the gw

I will test it in the night time to see what is happening if i blackhole it only the gw

I can opt out for anti ddos solution from voxility but its way to expensive we ar not so big

CiscoNCS · March 27, 2021, 10:35pm

@CristianD you could check into fastmon they do a community edition for free manages to mitigate to a gig attack but lot of features are not available from the paid version which is a unfortunate.

CristianD · March 30, 2021, 3:17pm

This is what i didnt understand on fastnetmon the payed one, Licence type 10G, they will mitigate the ddos or just sompting special to mitigate on my solution(providers)

I think i will contact them.

CiscoNCS · March 30, 2021, 4:21pm

i’d say try the free one out first if you like it get the paid one obviously you’ll have more features to play with like API zabbix integration which i think they should create a integration for ELK too which would be wonderful however check it out my suggestion.