Look for loose mode URPF and RTBH or remote triggering of blackholes. The idea here you announce the routes you wish to block tagged with the correct community and you instruct your edges to route these addresses to null or you tag a community that your upstreams have provided that has the same effect blocking the traffic at their edges. Another option is flow spec where you dynamically build firewall filters on the fly based on extended messaging with in BGP but I’m not sure the status of this in Cisco products, J has had this for sometime now.
You can combine this with anomaly detection nd automate a fair bit of the process or at least alert for humans to make the final changes. Read about RFC 5635 for more background. https://tools.ietf.org/html/rfc5635 Thanks Scott On May 8, 2015, at 10:28 AM, Scott Voll <svoll.v...@gmail.com> wrote: > I am downloading a list of hacker networks that I would like to automate > updating a ACL on my router to blackhole them. > > How are others doing this? What is this called? My Google-fu is not > working for me. > > Thanks > > scott > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/