[c-nsp] Dropping traffic based on source address
Rodney Dunn
rodunn at cisco.com
Thu Jun 30 23:11:55 EDT 2005
Thinking out loud on this one...
But could you spoof the routing advertisement to make
it look like it came in from a different interface
and then enable uRPF and let it drop the traffic on ingress?
On Fri, Jul 01, 2005 at 11:47:11AM +0930, Brad Gould wrote:
> Hi!
>
> We have a (large) list of spamming evil hosts/networks we would like to
> block from our mail servers. (~500k entries)
>
> The list is being imported into the routing table via bgp, and we can
> drop the return path traffic, using PBR. But the initial syn traffic is
> getting through to the servers.
>
> I'd like to drop the inbound traffic, based on its source address, but I
> can't construct a sensible ACL - there are too many entries (around 500k).
>
> But can I match based on known routes in the routing table, and apply
> that on the way into the network?
>
> Any ideas?
>
> Thanks
>
> Brad
>
> --
> Brad Gould, Network Engineer
> Internode
> PO Box 284, Rundle Mall 5000
> Level 3, 132 Grenfell Street, Adelaide 5000
> P: 08 8228 2999 F: 08 8235 6999
> bradley at internode.com.au; http://www.internode.on.net/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
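The approach Rodney sketches is what later became known as source-based remotely triggered black holing: the blacklist is carried in BGP with a next hop that every edge router resolves to Null0, and loose-mode uRPF on the ingress interface then discards any packet whose source address resolves to that discard route. The IOS configuration below is an added illustration and is not from either poster; the prefix 203.0.113.0/24, the discard next hop 192.0.2.1, the iBGP peer addresses, AS 65000, the tag 666 and the interface name are all assumed for the example.

```cisco
! --- Trigger router: injects the blacklist into iBGP.
! Each unwanted source network is a static route to Null0 carrying a tag;
! the route-map rewrites its next hop to the discard address before it is
! announced. (In the thread the list is already arriving via BGP, so only
! the next-hop rewrite is needed there.)
ip cef
ip route 203.0.113.0 255.255.255.0 Null0 tag 666
!
router bgp 65000
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 send-community
 redistribute static route-map BLACKHOLE-TRIGGER
!
route-map BLACKHOLE-TRIGGER permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set local-preference 200
 set community no-export
!
! --- Edge router: the discard next hop points at Null0, so every
! blacklisted prefix resolves to Null0 in the FIB. Loose-mode uRPF
! ("reachable-via any") fails the check for a source whose route is
! to Null0 and drops the packet on ingress, SYNs included.
ip cef
ip route 192.0.2.1 255.255.255.255 Null0
!
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000
!
interface GigabitEthernet0/0
 description Transit uplink, ingress from the Internet
 ip verify unicast source reachable-via any
```

Two caveats a practitioner would check before relying on this. uRPF requires CEF, and loose mode only drops sources whose lookup lands on Null0 (or that have no route at all); a spoofed source with a valid route still passes, so this filters the listed networks rather than spoofing in general. Strict mode (`reachable-via rx`) would also drop sources whose return path is a different interface, which on a multihomed edge breaks legitimate asymmetric traffic. The drop counters appear under `show ip interface GigabitEthernet0/0` (verification drops) and in the unicast RPF line of `show ip traffic`.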