My network is being attacked by a UDP flood
We are facing a problem: all our IPs (used and unused) are being attacked from outside by huge UDP traffic. Torch shows millions of small UDP packets from many different IPs attacking our network. I have tried disconnecting all our LAN interfaces to check whether an infected server might be causing this, but the attack is still the same and all my BW is utilized by the attackers.
I have tried removing all the config on the router and keeping only the BGP config; once I advertise any network, the attack starts immediately.
Here is my BGP and routing filter config:
Code:
/routing filter
add action=accept chain=OUT prefix=xx.xx.xx.0/24 prefix-length=24-32
add action=accept chain=OUT prefix=yy.yy.yy.0/24 prefix-length=24-32
add action=discard chain=OUT prefix=0.0.0.0/0
add action=discard chain=OUT
add action=discard bgp-weight=200 chain=IN prefix=xx.xx.xx.0/24 prefix-length=24-32
add action=discard bgp-weight=200 chain=IN prefix=yy.yy.yy.0/24 prefix-length=24-32
add action=discard bgp-weight=200 chain=IN prefix=0.0.0.0/0
add action=accept bgp-weight=200 chain=IN
/routing bgp instance
set default as=MY ASN redistribute-connected=yes redistribute-other-bgp=yes redistribute-static=yes
/routing bgp network
add network=XX.XX.XX.0/24 synchronize=no
add network=yy.yy.yy.0/24 synchronize=no
/routing bgp peer
add in-filter=IN multihop=yes name=PEER1 nexthop-choice=force-self out-filter=OUT remote-address=ZZ.ZZ.ZZ.ZZ remote-as="My upstream ASN" tcp-md5-key="$$$$" ttl=1 \
update-source=vlan1
I have tried all the examples in the Wiki that talk about protecting routers from flooding and DDoS attacks, with no success in stopping this crazy attack.
Any post or idea is most welcome.
Thanks