[c-nsp] Blackhole Inbound Traffic
Steve Bertrand
steve at ipv6canada.com
Wed Nov 17 19:42:49 EST 2010
On 2010.11.17 10:35, Peder wrote:
> I have several border routers connected to different Internet providers. I
> want to be able to blackhole inbound traffic from certain IPs. My hope is
> that there is a way that I can set it in one spot and then have to duplicate
> to the other routers. My initial thought was a local BGP router and I can
> add the route and have each peer neighbor with it, but that will only work
> for outbound traffic, or traffic into one of my IPs.
>
> For example, if I find someone trying to brute force an ssh login, I want to
> be able to block that IP specifically at the border routers on ingress into
> my network, without having to add an ACL entry to each box. I suppose I
> could write a script to ssh to each box and add the acl entry, but I was
> looking for something a little easier to manage. Any ideas on how to do
> this? Thanks.
Here's a relatively complete example that also incorporates the Team
Cymru feeds:
http://ipv6canada.com/?p=59
Steve
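The setup Peder sketches (one trigger router, every border an iBGP neighbor of it) does handle the source-based case once the borders run loose-mode uRPF: a host route for the attacker's source, pointing at a discard next-hop, makes the reverse-path check fail on ingress. The config below is an added illustration of that source-based RTBH pattern, not the one behind the link above; the AS number, neighbor addresses, interface name, tag value, and the blackholed source 198.51.100.77 are constructed placeholders.

```cisco
! ---- Trigger router (the "local BGP router"): one place to add entries ----
! Discard next-hop: an address nothing legitimate uses, routed to Null0 everywhere.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Static routes carrying tag 666 are redistributed as blackholes: next-hop is the
! discard address, high local-pref so they win, no-export keeps them inside the AS.
route-map RTBH permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set local-preference 200
 set community no-export
 set origin igp
!
router bgp 65000
 redistribute static route-map RTBH
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.3 remote-as 65000
!
! To blackhole the SSH brute-forcer (constructed address) on every border at once:
ip route 198.51.100.77 255.255.255.255 Null0 tag 666
! Removing this one line withdraws the blackhole from all borders.

! ---- Each border router: same config on every box, never touched again ----
ip cef
ip route 192.0.2.1 255.255.255.255 Null0
!
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000
!
interface GigabitEthernet0/0
 description upstream provider
 ! Loose-mode uRPF: drop packets whose SOURCE resolves to Null0 (i.e. the
 ! learned /32 above).  allow-default keeps sources covered only by a
 ! default route from the upstream from being dropped.
 ip verify unicast source reachable-via any allow-default
```

Traffic TO the blackholed /32 is discarded on the borders by the Null0 route alone (Peder's outbound case); traffic FROM it is discarded by the uRPF check on the upstream-facing interface.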