[c-nsp] Black hole routing dynamically

Scott Granados scott at granados-llc.net
Fri May 8 11:18:08 EDT 2015


Look for loose mode URPF and RTBH or remote triggering of blackholes.  The idea here is you announce the routes you wish to block, tagged with the correct community, and you instruct your edges to route these addresses to null, or you tag a community that your upstreams have provided that has the same effect, blocking the traffic at their edges.
Another option is flow spec, where you dynamically build firewall filters on the fly based on extended messaging within BGP, but I’m not sure of the status of this in Cisco products. J has had this for some time now.

You can combine this with anomaly detection and automate a fair bit of the process, or at least alert for humans to make the final changes.

Read about RFC 5635 for more background.
https://tools.ietf.org/html/rfc5635

Thanks
Scott

On May 8, 2015, at 10:28 AM, Scott Voll <svoll.voip at gmail.com> wrote:

> I am downloading a list of hacker networks that I would like to automate
> updating an ACL on my router to blackhole them.
> 
> How are others doing this?  What is this called?  My Google-fu is not
> working for me.
> 
> Thanks
> 
> scott
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
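The RTBH setup described above (trigger router announcing tagged routes, edges sending them to Null0, loose-mode uRPF so the same announcement also drops traffic *from* those addresses), as an added IOS-style configuration sketch that is not part of either post. AS 65000, community 65000:666, route tag 66, the discard next-hop 192.0.2.1, the blackholed address 203.0.113.7, the peer 10.0.0.1 and the interface name are all assumed placeholders; adapt them to your own numbering.

```cisco
! --- Trigger router (placeholder values: AS 65000, tag 66, 192.0.2.1) ---
! Any prefix installed as a static route with tag 66 is redistributed into
! BGP with the BLACKHOLE community and a next hop that every edge discards.
! 203.0.113.7 is a constructed example of an address from the downloaded list.
ip route 203.0.113.7 255.255.255.255 Null0 tag 66
!
router bgp 65000
 redistribute static route-map RTBH-TRIGGER
!
route-map RTBH-TRIGGER permit 10
 match tag 66
 set ip next-hop 192.0.2.1
 set community 65000:666 no-export
 set origin igp
!
! --- Every edge router ---
! The discard next hop resolves to Null0, so anything carrying the
! BLACKHOLE community is dropped here instead of crossing the network.
ip route 192.0.2.1 255.255.255.255 Null0
!
ip community-list standard BLACKHOLE permit 65000:666
!
route-map RTBH-IN permit 10
 match community BLACKHOLE
 set ip next-hop 192.0.2.1
route-map RTBH-IN permit 20
!
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 route-map RTBH-IN in
!
! Loose-mode uRPF on the upstream-facing interface: a packet whose SOURCE
! address is covered by a route pointing at Null0 fails the check and is
! dropped, so one announcement blackholes the listed networks as sources
! as well as destinations (the RFC 5635 source-based variant).
interface GigabitEthernet0/0
 description upstream
 ip verify unicast source reachable-via any
```

Before automating the feed, filter the downloaded list against your own and your customers' prefixes; a bad entry in the list becomes an outage the moment the trigger router installs it.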
