LOKI - A new Tool to Interact with BGP

LOKI is a new application designed to provide an easy way for programmers and system administrators to interact with BGP networks.

The program is designed to allow the injection of arbitrary routes into a network, including IPv6 and FlowSpec.


Introduction   

Many security professionals are currently using NetFlow to monitor their network and react to DDoS attacks. By centralising their traffic information in one place, they are able to correlate the information and detect increasingly advanced attacks.

Many networks then use BGP to blackhole the destination IP of the attack at their edge, protecting their network core but still allowing the attacker to succeed, since all traffic to the blackholed destination is dropped. RFC 5575, better known as FlowSpec, was designed to help security professionals react to such attacks in a more fine-grained manner, by allowing precise filtering rules to be deployed, through BGP, to routers with advanced ASIC features. LOKI is currently the only open source implementation of a route injector able to generate and propagate Flow Routes.


Getting Started

LOKI is available on BGP tools and will run on Windows x64 and most Unix flavours with any recent version of Python 2 (2.4 to 2.7).

   

Simply untar the code into /opt or any directory of your choice, or just run it from the desktop on your Windows x64 machine.

 

The configuration contains the usual BGP information fields; Cisco, Juniper, Quagga and BIRD users should find their bearings very quickly. A mixed IPv4/Flow configuration would look like the following:

   BGP tools

We would love to hear from you...

The program datasheet has more information on how to install and configure the application. As usual, comments and feedback are welcome. Feel free to use the site's bug tracker to contact us.