[c-nsp] Blackhole Inbound Traffic
Peder
peder at networkoblivion.com
Wed Nov 17 10:35:10 EST 2010
I have several border routers connected to different Internet providers. I
want to be able to blackhole inbound traffic from certain IPs. My hope is
that there is a way that I can set it in one spot and then have to duplicate
to the other routers. My initial thought was a local BGP router and I can
add the route and have each peer neighbor with it, but that will only work
for outbound traffic, or traffic into one of my IPs.
For example, if I find someone trying to brute force an ssh login, I want to
be able to block that IP specifically at the border routers on ingress into
my network, without having to add an ACL entry to each box. I suppose I
could write a script to ssh to each box and add the acl entry, but I was
looking for something a little easier to manage. Any ideas on how to do
this? Thanks.
Peder
More information about the cisco-nsp
mailing list