[c-nsp] Dropping traffic based on source address

Brad Gould bradley at internode.com.au
Thu Jun 30 22:17:11 EDT 2005


Hi!

We have a (large) list of spamming evil hosts/networks we would like to 
block from our mail servers. (~500k entries)

The list is being imported into the routing table via bgp, and we can 
drop the return path traffic, using PBR.  But the initial syn traffic is 
getting through to the servers.

I'd like to drop the inbound traffic, based on its source address, but I 
can't construct a sensible ACL - there are too many entries (around 500k).

But can I match based on known routes in the routing table, and apply 
that on the way into the network?

Any ideas?

Thanks

Brad

-- 
Brad Gould, Network Engineer
Internode
PO Box 284, Rundle Mall 5000
Level 3, 132 Grenfell Street, Adelaide 5000
P: 08 8228 2999  F: 08 8235 6999
bradley at internode.com.au; http://www.internode.on.net/
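As an added illustration (not from Brad's post or any reply on the list), this is the usual way to make the router drop ingress packets whose source address matches a route in the table: point the blocklist routes at a Null0-resolved next hop and enable loose-mode uRPF on the ingress interface. The neighbor address, AS number, interface name and the 192.0.2.1 sentinel next hop are assumptions.

```cisco
! Sentinel next hop that resolves to a discard adjacency (address is an assumption)
ip route 192.0.2.1 255.255.255.255 Null0
!
! Every prefix learned from the blocklist feed gets its next hop rewritten to the
! sentinel, so each blocked prefix recursively resolves to Null0 in the FIB
route-map BLOCKLIST-IN permit 10
 set ip next-hop 192.0.2.1
!
router bgp 65000
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 description blocklist feed
 neighbor 10.0.0.2 route-map BLOCKLIST-IN in
!
! Loose-mode uRPF on the Internet-facing interface: a packet whose source address
! has its best FIB entry pointing at Null0 is dropped on input, so the initial SYN
! never reaches the mail servers. allow-default is only needed when the edge
! carries a default route instead of a full table.
interface GigabitEthernet0/0
 description Internet uplink
 ip verify unicast source reachable-via any allow-default
!
```

Per-interface uRPF verification drop counters show up in `show ip interface`, and `show ip cef <blocked prefix>` should resolve to Null0 once the feed is loaded. Check the edge platform's FIB capacity before feeding it ~500k prefixes, since every entry has to fit in hardware for the check to stay in the fast path.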

