[c-nsp] Shunning Traffic on ASA's
Christian Koch
christian at visr.org
Mon Feb 11 10:05:23 EST 2008
hi Roland, i do have RTBH deployed, but not in every data center YET, so
maybe to rephrase - would using "shun" suffice until, i can deploy RTBH as
every site, or would it impose unneeded complication
On Feb 11, 2008 9:54 AM, Roland Dobbins <rdobbins at cisco.com> wrote:
>
> On Feb 11, 2008, at 9:51 PM, Christian Koch wrote:
>
> > Hypothetical situation - customer A calls, please block attacking ip
> > x.x.x.x,
> > im thinking - do i want to use objects groups for "dirty ip's" and
> > add to a
> > deny ACL or do i want to just shun it..
>
> S/RTBH would probably be a better option for this, on your edge routers.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at cisco.com> // +66.83.266.6344 mobile
>
> If you don't know what to do, it's harder to do it.
>
> -- Malcom Forbes
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list