[c-nsp] Blackhole Inbound Traffic

Dan Holme dan.holme at gmail.com
Wed Nov 17 10:39:49 EST 2010


On 17 November 2010 15:35, Peder <peder at networkoblivion.com> wrote:
> For example, if I find someone trying to brute force an ssh login, I want to
> be able to block that IP specifically at the border routers on ingress into
> my network, without having to add an ACL entry to each box.  I suppose I
> could write a script to ssh to each box and add the acl entry, but I was
> looking for something a little easier to manage.  Any ideas on how to do
> this?  Thanks.

Hi

Google for "remote triggered black hole". First few hits are helpful.
This is a standard way of blackholing traffic based on source using
uRPF.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf

-- 
Dan Holme
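
A minimal sketch of the source-based remote triggered black hole setup referred to above, as an added example that is not part of the original post or taken from the linked white paper. AS 64512, tag 66, the 192.0.2.1 discard next hop, the interface name and the blocked source 203.0.113.45 are all assumed placeholder values, and the trigger router is assumed to be an iBGP peer of every border router.

```cisco
! ---- On every border router (configured once) ----
! Discard route: anything whose next hop resolves to 192.0.2.1 goes to Null0.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface GigabitEthernet0/0
 description Upstream / ingress interface (assumed name)
 ! Loose-mode uRPF: drop packets whose SOURCE address has no route
 ! or only a route pointing to Null0.
 ip verify unicast source reachable-via any
 ! Do not answer dropped packets with ICMP unreachables.
 no ip unreachables
!
! ---- On the trigger router (configured once) ----
route-map RTBH-TRIGGER permit 10
 ! Only static routes carrying the agreed tag are announced.
 match tag 66
 ! Rewrite the next hop to the discard address installed on the borders.
 set ip next-hop 192.0.2.1
 set local-preference 200
 ! Keep the blackhole route inside the local AS.
 set community no-export
 set origin igp
route-map RTBH-TRIGGER deny 20
!
router bgp 64512
 redistribute static route-map RTBH-TRIGGER
!
! ---- To block one source (the only per-incident step) ----
! Constructed example address for the host doing the SSH brute force.
ip route 203.0.113.45 255.255.255.255 Null0 tag 66
```

Removing the tagged static route on the trigger router withdraws the announcement and lifts the block on all border routers at once.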


