nanog mailing list archives
RE: Auto ACL blocker
From: Thomas Magill <tmagill () providecommerce com>
Date: Tue, 18 Jan 2011 19:32:01 +0000
I would consider doing it through BGP via quagga or such. Nullrouting with BGP is much cleaner than ACLs as your config stays static and only your routing table changes. I also imagine due to existing BGP blacklisting methods, that much of the work is already done and all you need is to get the honeypot to export the right format. -----Original Message----- From: Brian R. Watters [mailto:brwatters () absfoc com] Sent: Tuesday, January 18, 2011 11:12 AM To: nanog () nanog org Subject: Auto ACL blocker We are looking for the following solution. Honey pot that collects attacks against SSH/FTP and so on Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders .. Of course we would require a master whitelist as well as to not be blocked from our own networks. Any current solutions or ideas ?? -- BRW
Current thread:
- Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker Guerra, Ruben (Jan 18)
- Re: Auto ACL blocker Roland Dobbins (Jan 18)
- Re: Auto ACL blocker Greg Whynott (Jan 18)
- Re: Auto ACL blocker Larry Smith (Jan 18)
- RE: Auto ACL blocker Mark Scholten (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- RE: Auto ACL blocker Ronald Bonica (Jan 18)
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
- Re: Auto ACL blocker Joe Blanchard (Jan 18)
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- Re: Auto ACL blocker ML (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- Re: Auto ACL blocker ML (Jan 18)
- <Possible follow-ups>
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker George Bonser (Jan 18)