[c-nsp] Blackhole Inbound Traffic
Rodney Dunn
rodunn at cisco.com
Wed Nov 17 10:39:06 EST 2010
Peder,
Is this what you are in need of?
http://tools.ietf.org/html/draft-ietf-opsec-blackhole-urpf-04
Rodney
On 11/17/10 10:35 AM, Peder wrote:
> I have several border routers connected to different Internet providers. I
> want to be able to blackhole inbound traffic from certain IPs. My hope is
> that there is a way that I can set it in one spot and then have to duplicate
> to the other routers. My initial thought was a local BGP router and I can
> add the route and have each peer neighbor with it, but that will only work
> for outbound traffic, or traffic into one of my IPs.
>
> For example, if I find someone trying to brute force an ssh login, I want to
> be able to block that IP specifically at the border routers on ingress into
> my network, without having to add an ACL entry to each box. I suppose I
> could write a script to ssh to each box and add the acl entry, but I was
> looking for something a little easier to manage. Any ideas on how to do
> this? Thanks.
>
> Peder
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list