nanog mailing list archives
Re: Public Subnet re-assignments
From: Mel Beckman <mel () beckman org>
Date: Tue, 25 Jun 2019 23:01:06 +0000
If the sources are from many different IPs, it could be a DDoS attack that you simply didn’t notice before. You can black-hole individual IPs using a /32 null0 route. That will at least stop your border router from trying to ARP the destination, reducing broadcast traffic on the subnet. In fact, it’s a good idea to configure /32 null0 routes for IPs you don’t use. Those IPs can’t then be scanned. -mel
On Jun 25, 2019, at 3:50 PM, Scott <scott () viviotech net> wrote: No nothing like that. I'm just removing the .0/30 and 4/30 subnets and adding .0/29. To your previous question, yes .0 and .3 are unused. Once I change the subnet .3 becomes a usable IP and it's getting hammered with traffic, causing packet loss. On 6/25/19 3:30 PM, Mel Beckman wrote:Also, what do you mean by “join to /30 public subnets to a /29”? You can’t overlap subnets, if that’s what you’re thinking. -melOn Jun 25, 2019, at 3:27 PM, Mel Beckman <mel () beckman org> wrote: You’re using just the two middle IPs in the four that make up the /30 set, right? IOW, the subnet x.x.x.0/30 should have .0 and .3 unused (they’re broadcast), and you use .1 and .2. -melOn Jun 25, 2019, at 9:41 AM, Scott <scott () viviotech net> wrote: First, sorry if this is a bit of a noob question. I'm trying to find a way of preventing a slew of traffic to an IP, or IP's, when I join two /30 public subnets to a /29. It appears that while the ranges are /30 someone is trying to brute-force the network and/or broadcast addresses for the ranges. When I change them to be a /29, now the router sees the traffic and starts dropping packets. Are there any suggestions for mitigating this behavior or is it just the nature of the beast? -- 101010-- 101010
Current thread:
- Public Subnet re-assignments Scott (Jun 25)
- Re: Public Subnet re-assignments Mel Beckman (Jun 25)
- Re: Public Subnet re-assignments Mel Beckman (Jun 25)
- Re: Public Subnet re-assignments Scott (Jun 25)
- Re: Public Subnet re-assignments Mel Beckman (Jun 25)
- RE: Public Subnet re-assignments Michel Py (Jun 25)
- Re: Public Subnet re-assignments Mel Beckman (Jun 25)
- Re: Public Subnet re-assignments Mel Beckman (Jun 25)
- Re: Public Subnet re-assignments Mel Beckman (Jun 25)
- <Possible follow-ups>
- Re: Public Subnet re-assignments Scott Weeks (Jun 25)