[c-nsp] Blackhole Inbound Traffic

Youssef Bengelloun-Zahr youssef at 720.fr
Wed Nov 17 10:52:18 EST 2010


You need to lookup something called RTBH.

It can be used for source or destination IP. uRPF can always help, but beware of the mode you choose for your implementation (strict or loose).

My 2 cents.

Regards.

Y.



On 17 Nov 2010, at 16:39, Jay Nakamura <zeusdadog at gmail.com> wrote:

> uRPF?
> 
> On Wed, Nov 17, 2010 at 10:35 AM, Peder <peder at networkoblivion.com> wrote:
>> I have several border routers connected to different Internet providers.  I
>> want to be able to blackhole inbound traffic from certain IPs.  My hope is
>> that there is a way that I can set it in one spot and then have to duplicate
>> to the other routers.  My initial thought was a local BGP router and I can
>> add the route and have each peer neighbor with it, but that will only work
>> for outbound traffic, or traffic into one of my IPs.
>> 
>> For example, if I find someone trying to brute force an ssh login, I want to
>> be able to block that IP specifically at the border routers on ingress into
>> my network, without having to add an ACL entry to each box.  I suppose I
>> could write a script to ssh to each box and add the acl entry, but I was
>> looking for something a little easier to manage.  Any ideas on how to do
>> this?  Thanks.
>> 
>> Peder
>> 
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
> 
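A worked configuration of what the reply above points at, source-based RTBH with loose-mode uRPF on Cisco IOS. This is an added example, not configuration posted by anyone in the thread; the hostnames, AS number 64500, the 10.0.0.x iBGP addresses, tag/community value 666 and the attacker address 203.0.113.77 are all assumptions, and 192.0.2.1 is used as the discard next-hop only because it is documentation space that nobody should route for real.

```text
! ===== Trigger router (assumed hostname rtbh-trigger, AS 64500) =====
! One place to add a blackhole: a host route to Null0 tagged for redistribution.
ip bgp-community new-format
!
ip route 203.0.113.77 255.255.255.255 Null0 tag 666
!
! Only statics carrying the tag are exported; the next-hop is rewritten to
! the discard address and the route is kept inside the AS with no-export.
route-map RTBH-REDIST permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 set community 64500:666 no-export
!
router bgp 64500
 bgp log-neighbor-changes
 redistribute static route-map RTBH-REDIST
 neighbor 10.0.0.1 remote-as 64500
 neighbor 10.0.0.1 description border-1
 neighbor 10.0.0.1 send-community
 neighbor 10.0.0.2 remote-as 64500
 neighbor 10.0.0.2 description border-2
 neighbor 10.0.0.2 send-community
!
! ===== Each border router (same stanza on every box) =====
! Anything whose BGP next-hop resolves to 192.0.2.1 is CEF-switched to Null0.
ip route 192.0.2.1 255.255.255.255 Null0
!
router bgp 64500
 neighbor 10.0.0.10 remote-as 64500
 neighbor 10.0.0.10 description rtbh-trigger
 neighbor 10.0.0.10 send-community
!
! Destination-based RTBH alone only drops packets TO 203.0.113.77.
! Loose-mode uRPF on the upstream interfaces is what drops packets FROM it:
! a source whose best route points at Null0 fails the check on ingress.
interface GigabitEthernet0/0
 description Upstream-A
 ip verify unicast source reachable-via any
!
interface GigabitEthernet0/1
 description Upstream-B
 ip verify unicast source reachable-via any
!
! To un-blackhole: remove the static on the trigger, the withdrawal propagates.
! no ip route 203.0.113.77 255.255.255.255 Null0 tag 666
```

To check it took effect on a border, `show ip route 203.0.113.77` should show the /32 learned via BGP with next-hop 192.0.2.1 resolving to Null0, `show ip interface GigabitEthernet0/0 | include verify` should show the loose-mode check enabled, and the unicast RPF counter in `show ip traffic` should increment while the attacker keeps trying. Two caveats for the mode choice the reply warns about: strict mode (`reachable-via rx`) will drop legitimate traffic on multihomed borders whenever routing is asymmetric, which is why loose mode is the usual pick here; and if a border carries only a default route rather than a full table, loose mode needs the `allow-default` keyword, otherwise every source that matches nothing more specific than the default fails the check. The `no-export` community plus an outbound prefix filter towards the providers keeps the /32 from leaking to them.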


