[c-nsp] Blackhole Inbound Traffic

Peder peder at networkoblivion.com
Wed Nov 17 10:57:08 EST 2010


Thanks to all who responded.  I knew about uRPF, I just didn't realize you
could blackhole on a null route for the source IP.  I'll have to lab it up
and see how it works.

Peder


-----Original Message-----
From: Rodney Dunn [mailto:rodunn at cisco.com] 
Sent: Wednesday, November 17, 2010 9:39 AM
To: Peder
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Blackhole Inbound Traffic

Peder,

Is this what you are in need of?

http://tools.ietf.org/html/draft-ietf-opsec-blackhole-urpf-04

Rodney



On 11/17/10 10:35 AM, Peder wrote:
> I have several border routers connected to different Internet providers.  I
> want to be able to blackhole inbound traffic from certain IPs.  My hope is
> that there is a way that I can set it in one spot and then have to duplicate
> to the other routers.  My initial thought was a local BGP router and I can
> add the route and have each peer neighbor with it, but that will only work
> for outbound traffic, or traffic into one of my IPs.
>
> For example, if I find someone trying to brute force an ssh login, I want to
> be able to block that IP specifically at the border routers on ingress into
> my network, without having to add an ACL entry to each box.  I suppose I
> could write a script to ssh to each box and add the acl entry, but I was
> looking for something a little easier to manage.  Any ideas on how to do
> this?  Thanks.
>
> Peder
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
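The source-based remotely triggered blackhole that the linked draft describes, written out as an added IOS configuration example for this thread (it is not from the thread, the draft or Cisco documentation). The addresses, AS number, interface name and route tag are constructed placeholders; the one real requirement is that the discard next-hop is an address that is never used by a real host.

```cisco
! --- Trigger router: the single place where blackholes are entered ---
! Discard next-hop (192.0.2.1 is a constructed placeholder); it only ever
! points at Null0.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Any static route carrying tag 66 is turned into a blackhole announcement:
! next-hop rewritten to the discard address, kept inside the AS.
route-map RTBH-SOURCE permit 10
 match tag 66
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 set community no-export
!
router bgp 65000
 redistribute static route-map RTBH-SOURCE
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 send-community
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 send-community
!
! Blackhole the offending source (203.0.113.77 is a constructed example).
! This one line is all that changes per incident.
ip route 203.0.113.77 255.255.255.255 Null0 tag 66
!
! --- Each border router (identical on every one) ---
! The discard next-hop must resolve to Null0 here too, so the iBGP-learned
! /32 for 203.0.113.77 recurses to Null0 in the FIB.
ip route 192.0.2.1 255.255.255.255 Null0
!
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 send-community
!
! Loose-mode uRPF on the provider-facing interface: a packet whose source
! address has a route, but that route points to Null0, fails the check and
! is dropped on ingress without any per-router ACL.
interface GigabitEthernet0/0
 description Upstream provider
 ip verify unicast source reachable-via any
!
! Check on a border router before trusting it: "show ip route 203.0.113.77"
! should show the /32 learned via BGP with next hop 192.0.2.1, and
! "show ip interface GigabitEthernet0/0" should list the verify setting.
```

Removing the tagged static route on the trigger router withdraws the /32 from every border router, so the blackhole is lifted from the same single spot it was added.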


