Look for loose mode uRPF and RTBH, or remote triggering of blackholes.  The idea 
here is that you announce the routes you wish to block tagged with the correct 
community and you instruct your edges to route these addresses to null, or you 
tag a community that your upstreams have provided that has the same effect, 
blocking the traffic at their edges.

Another option is flow spec, where you dynamically build firewall filters on 
the fly based on extended messaging within BGP, but I'm not sure of the status 
of this in Cisco products; J has had this for some time now.

You can combine this with anomaly detection and automate a fair bit of the 
process or at least alert for humans to make the final changes.

Read about RFC 5635 for more background.
https://tools.ietf.org/html/rfc5635

Thanks
Scott

On May 8, 2015, at 10:28 AM, Scott Voll <svoll.v...@gmail.com> wrote:

> I am downloading a list of hacker networks that I would like to automate
> updating an ACL on my router to blackhole them.
> 
> How are others doing this?  What is this called?  My Google-fu is not
> working for me.
> 
> Thanks
> 
> scott
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
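
An added example, not part of the thread and not either poster's code: a Python script that turns a downloaded list into the static routes a trigger router would carry for the RTBH setup described in the reply. It assumes the trigger router redistributes Null0 static routes with tag 666 into BGP with the blackhole community; the tag, the prefix-length floor, the protected ranges and the sample feed are all constructed for illustration.

```python
import ipaddress

# Assumptions (not from the thread): tag value, safeguards and sample data.
TRIGGER_TAG = 666        # tag a route-map on the trigger router would match
MIN_PREFIXLEN = 16       # refuse to blackhole anything broader than a /16
PROTECTED = [ipaddress.ip_network(n)      # stand-ins for your own space
             for n in ("10.0.0.0/8", "192.0.2.0/24")]

def parse_feed(text):
    """Return (collapsed IPv4 networks, rejected lines) from a downloaded list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue                      # blank line or comment
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(raw)          # not an address or prefix
            continue
        if (net.version != 4 or net.prefixlen < MIN_PREFIXLEN
                or any(net.overlaps(p) for p in PROTECTED)):
            rejected.append(raw)          # too broad, or would hit own space
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def ios_delta(current, wanted):
    """IOS lines that move the trigger router's routes from current to wanted."""
    cur, new = set(current), set(wanted)
    lines = ["no ip route {} {} Null0".format(n.network_address, n.netmask)
             for n in sorted(cur - new)]
    lines += ["ip route {} {} Null0 tag {}".format(
                  n.network_address, n.netmask, TRIGGER_TAG)
              for n in sorted(new - cur)]
    return lines

# Constructed sample feed using documentation prefixes, not real indicators.
SAMPLE_FEED = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.7
0.0.0.0/0
192.0.2.10
not-a-prefix
"""

if __name__ == "__main__":
    wanted, bad = parse_feed(SAMPLE_FEED)
    installed = [ipaddress.ip_network("203.0.113.99/32")]  # constructed state
    print("\n".join(ios_delta(installed, wanted)))
    print("rejected:", bad)
```

Rejected lines are returned rather than silently dropped so a human can review them before the delta is pushed, in line with the reply's suggestion to alert people for the final change.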
