We've got an anti-DDoS system that uses the RTBH system of setting a route's NH to 192.0.2.1 and then routing that traffic to discard (RFC 5635). It is working as expected, but I'd like to query how much traffic is being dropped, or sent to "discard".
We have NetFlow, SNMP, and firewall filters/counters available to be used, but with the lack of an interface/firewall policy to poll, I can't think of a way to monitor what's being dropped.
Any ideas?