[c-nsp] Efficient way to block spammer networks?
Niels Bakker
niels=cisco-nsp at bakker.net
Tue Apr 26 02:19:28 EDT 2005
* jlewis at lewis.org (Jon Lewis) [Mon 25 Apr 2005, 20:55 CEST]:
>On Mon, 25 Apr 2005, Jeff Chan wrote:
>> What's the most efficient/preferred way to stop their traffic at
>> the edge of our network? Static route to null0? Filter their
>> AS? ACL their prefixes?
>If you're sure about not wanting to exchange traffic with that ASN, just
>reject any route with that ASN in the path (input route-map) and make sure
>you don't point default at your transit providers. Then you'll have no
>way to talk to that ASN regardless of what routes they advertise.
... setting yourself up for a SYN flood whenever a host in a prefix
announced under that ASN tries to talk to a host in your network.
If you can, you may want to set next-hop to Null0 for prefixes with that
ASN in the AS_path, and then run uRPF-loose on your borders to drop
incoming packets from those networks.
-- Niels.
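
The two approaches discussed in this thread, modelled as an added example that is not part of the original post: a small Python simulation of a border router's FIB and its loose-mode uRPF check. The ASNs, prefixes, next hops and function names are constructed for illustration; the model assumes no default route and that loose uRPF treats a source whose best route points to Null0 as failing the check.

```python
import ipaddress

BLOCKED_ASN = 64496   # constructed: documentation-range ASN standing in for the unwanted AS
NULL0 = "Null0"

# Constructed BGP updates as (prefix, AS_PATH, next hop).
UPDATES = [
    ("203.0.113.0/24", [64510, BLOCKED_ASN], "198.51.100.1"),  # originated by the blocked AS
    ("192.0.2.0/24",   [64510, 64511],       "198.51.100.1"),  # unrelated network
]

def build_fib(updates, policy):
    """policy 'reject': drop routes with the ASN in the path (input route-map deny).
    policy 'null0': keep those routes but rewrite their next hop to Null0."""
    fib = {}
    for prefix, as_path, next_hop in updates:
        if BLOCKED_ASN in as_path:
            if policy == "reject":
                continue
            next_hop = NULL0
        fib[ipaddress.ip_network(prefix)] = next_hop
    return fib

def lookup(fib, addr):
    """Longest-prefix match; returns the next hop, or None when there is no route."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in fib if ip in net]
    return fib[max(matches, key=lambda net: net.prefixlen)] if matches else None

def urpf_loose_pass(fib, src):
    """Loose uRPF: the source must have some route, and that route must not be Null0."""
    next_hop = lookup(fib, src)
    return next_hop is not None and next_hop != NULL0

def inbound_syn(fib, src, urpf):
    """Fate of a TCP SYN from src that arrives on a border interface."""
    if urpf and not urpf_loose_pass(fib, src):
        return "dropped at border"
    # The SYN reaches the server; the SYN-ACK needs a usable route back to src.
    next_hop = lookup(fib, src)
    if next_hop is None or next_hop == NULL0:
        return "half-open: SYN delivered, SYN-ACK unroutable"
    return "connection established"

if __name__ == "__main__":
    for policy, urpf in (("reject", False), ("null0", True)):
        fib = build_fib(UPDATES, policy)
        for src in ("203.0.113.7", "192.0.2.7"):
            print(policy, "uRPF" if urpf else "no-uRPF", src, "->", inbound_syn(fib, src, urpf))
```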