[c-nsp] Blackhole Inbound Traffic

Peder peder at networkoblivion.com
Wed Nov 17 10:35:10 EST 2010


I have several border routers connected to different Internet providers.  I
want to be able to blackhole inbound traffic from certain IPs.  My hope is
that there is a way that I can set it in one spot and then have to duplicate
to the other routers.  My initial thought was a local BGP router and I can
add the route and have each peer neighbor with it, but that will only work
for outbound traffic, or traffic into one of my IPs.  

For example, if I find someone trying to brute force an SSH login, I want to
be able to block that IP specifically at the border routers on ingress into
my network, without having to add an ACL entry to each box.  I suppose I
could write a script to SSH to each box and add the ACL entry, but I was
looking for something a little easier to manage.  Any ideas on how to do
this?  Thanks.

Peder
