[c-nsp] Blackhole Inbound Traffic
Dan Holme
dan.holme at gmail.com
Wed Nov 17 10:39:49 EST 2010
On 17 November 2010 15:35, Peder <peder at networkoblivion.com> wrote:
> For example, if I find someone trying to brute force an ssh login, I want to
> be able to block that IP specifically at the border routers on ingress into
> my network, without having to add an ACL entry to each box. I suppose I
> could write a script to ssh to each box and add the acl entry, but I was
> looking for something a little easier to manage. Any ideas on how to do
> this? Thanks.
Hi
Google for "remote triggered black hole". First few hits are helpful.
This is a standard way of blackholing traffic based on source using
uRPF.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf
--
Dan Holme
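
The source-based remote triggered black hole setup referred to above, sketched as an added example that is not part of the original post or taken from the linked white paper. The AS number 65000, tag 66, peer 10.0.0.1, interface name, blackhole next hop 192.0.2.1 and offending source 203.0.113.45 are all constructed placeholder values.

```cisco
! ===== Every border router (configured once, never touched again) =====
! Assumed placeholder next hop 192.0.2.1: anything resolving to it is discarded.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface GigabitEthernet0/0
 description Upstream / ingress (assumed interface name)
 ! Loose-mode uRPF: drop packets whose SOURCE has no route or
 ! whose best route points to Null0.
 ip verify unicast source reachable-via any
 ! Do not answer every dropped packet with an ICMP unreachable.
 no ip unreachables
!
! ===== Trigger router (the only box you edit during an incident) =====
router bgp 65000
 ! iBGP session toward the border routers or a route reflector (assumed peer).
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 send-community
 ! Only static routes carrying the trigger tag are advertised.
 redistribute static route-map RTBH-TRIGGER
!
route-map RTBH-TRIGGER permit 10
 match tag 66
 ! Rewrite the next hop so border routers resolve the /32 to Null0.
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 ! Keep the blackhole route inside the local AS.
 set community no-export
!
route-map RTBH-TRIGGER deny 20
!
! ===== Blocking one source (constructed example address) =====
! Adding this single tagged static on the trigger router blocks the host
! at every border router running loose uRPF.
ip route 203.0.113.45 255.255.255.255 Null0 tag 66
!
! Removing it withdraws the block everywhere.
! no ip route 203.0.113.45 255.255.255.255 Null0 tag 66
```

The tagged /32 also blackholes traffic destined to that address on every router that learns the route, so return traffic to the blocked host is dropped as well. Restrict who can add tagged statics on the trigger router, since any route carrying the tag is enforced network-wide.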