blackhole-threats

command module

v0.9.8 Latest Latest Go to latest Published: Feb 18, 2023 License: MIT Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ebarkie/blackhole-threats

Links

Open Source Insights

README ¶

Blackhole threats (with GoBGP)

Stand-alone BGP route server based on GoBGP which downloads IPv4/v6 threat feeds on a periodic basis, summarizes them, and maintains them as routes. Routers can then iBGP peer with it and blackhole these routes.

Usage

Usage of ./blackhole-threats:
  -debug
    	Enable debug logging
  -conf string
    	GoBGP configuration file (default "gobgpd.conf")
  -feed value
    	Threat intelligence feed (use multiple times)
  -refresh-rate duration
    	Refresh timer (default 2h0m0s)

Feeds

Some threat intelligence feeds:

Configuration

GoBGP

[global.config]
  as = 64512
  router-id = "192.168.1.2"

[[neighbors]]
  [neighbors.config]
    neighbor-address = "192.168.1.1"
    peer-as = 64512
  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"
  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv6-unicast"

Mikrotik RouterOS

v6

/routing bgp instance
set default as=64512
/routing bgp peer
add address-families=ip,ipv6 allow-as-in=2 in-filter=threats-in name=threats remote-address=\
    192.168.1.2 ttl=default
/routing filter
add action=accept address-family=ip bgp-communities=64512:666 chain=threats-in comment=\
    "Blackhole IPv4 C&C and don't route or peer addresses" protocol=bgp set-type=blackhole
add address-family=ipv6 bgp-communities=64512:666 chain=threats-in comment=\
    "Unreachable IPv6 C&C and don't route or peer addresses" protocol=bgp set-type=unreachable

v7

/routing bgp template
set default as=64512 disabled=no routing-table=main
/routing bgp connection
add address-families=ip,ipv6 as=64512 disabled=no input.allow-as=2 .filter=threats-in local.role=ibgp \
    name=threats remote.address=192.168.1.2 routing-table=main templates=default
/routing filter rule
add chain=threats-in comment="Blackhole C&C and don't route or peer addresses" disabled=no rule=\
    "if (bgp-communities equal 64512:666) {set blackhole yes; accept}"

License

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL