On 3/17/2011 at 3:04 PM, Clarke Morledge <chm...@wm.edu> wrote:
> The SRX policy actions (count, deny, log, permit, reject) are helpful, but
> a little limited. I am wondering if there might be a way to enforce a
> special action such as take the ip address of the source packet and inject
> it into a routing table of some sort.
>
> What I have in mind is some way to use the SRX to grab the IPs of
> misbehaving hosts and put the address in a RIB. Then I can use routing
> policy to put the route into a BGP feed to a border router that would null
> route traffic to and from that IP address using tricks with Unicast
> Reverse Path Forwarding.
>
> This would be like using the SRX as a simple honeypot to then enforce a
> host address block at the network perimeter. Of course, there are all
> sorts of dangers and challenges involved, such as making sure you don't
> end up DOS'ing the SRX yourself, etc. But I still wish there was a clean
> way to proactively do this.
>
> My other option is to just log the packet to somewhere else, parse the
> log, then grab the IP of the offender and populate my BGP feed that way.
> But this could get complicated, too.
>
> It could be a handy feature to do all of this task on the SRX.
>
> Anybody have any ideas on this?
Event script. SLAX scripts are a bit hard to wrap your head around at first, but this Day One document is a pretty good primer,

http://www.juniper.net/us/en/community/junos/training-certification/day-one/automation-series/applying-junos-automation/

You may want to hit up,

http://code.google.com/p/junoscriptorium/

And see if something even close already exists there.

BTW, anyone else know of good sources of JUNOS script examples?

--
Crist Clark
Network Security Specialist, Information Systems
Globalstar
408 933 4387
_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
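Clarke's fallback in the quoted message (log the denied packets off-box, parse the log, pull out the offending source, feed a null route to the border router) is straightforward to sketch, and it makes room for the self-DoS concern he raises. The script below is an added example written for this thread, not code from either poster and not a SLAX event script; it parses a handful of constructed log lines approximating the shape of SRX RT_FLOW_SESSION_DENY messages (not a real capture), applies a hit threshold and a safe-prefix list so your own address space can never be blackholed, and emits Junos `set` commands for /32 discard static routes. The static-route `community` tag (65000:666 is a placeholder) is assumed here as the hook a `routing-options` export policy would match to push those routes into the BGP feed; the threshold, the prefix list and the log layout are all assumptions to adjust for a real deployment.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines in the general shape of SRX
# RT_FLOW_SESSION_DENY messages (an approximation, not a device capture).
SAMPLE_LOG = """\
Mar 17 15:04:01 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.5/4444->198.51.100.10/22 None 6(0) deny-all untrust trust
Mar 17 15:04:02 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.5/4445->198.51.100.10/23 None 6(0) deny-all untrust trust
Mar 17 15:04:03 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.5/4446->198.51.100.10/3389 None 6(0) deny-all untrust trust
Mar 17 15:04:04 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 198.51.100.77/5000->198.51.100.10/22 None 6(0) deny-all trust untrust
Mar 17 15:04:05 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 198.51.100.77/5001->198.51.100.10/22 None 6(0) deny-all trust untrust
Mar 17 15:04:06 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 198.51.100.77/5002->198.51.100.10/22 None 6(0) deny-all trust untrust
Mar 17 15:04:07 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.0.2.9/6000->198.51.100.10/22 None 6(0) deny-all untrust trust
Mar 17 15:04:08 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.0.2.40/7000->198.51.100.10/443 None 6(0) allow-web untrust trust
"""

# Match only deny events and capture the source address before "/port->".
DENY_RE = re.compile(
    r"RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/\d+->"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/\d+"
)


def extract_deny_sources(log_text):
    """Count how often each source IP shows up in RT_FLOW_SESSION_DENY lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            hits[m.group("src")] += 1
    return hits


def select_offenders(hits, threshold, safe_prefixes):
    """Sources seen at least `threshold` times, skipping anything inside a
    safe prefix (your own networks, upstream links, management hosts) so a
    spoofed or misconfigured internal source can never null-route yourself."""
    nets = [ipaddress.ip_network(p) for p in safe_prefixes]
    chosen = []
    for ip, count in hits.items():
        if count < threshold:
            continue
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            continue
        chosen.append(ip)
    return sorted(chosen, key=ipaddress.ip_address)


def junos_discard_routes(offenders, community):
    """Junos set commands for /32 discard static routes. The community tag
    (assumed here) is what an export policy would match to hand the routes
    to the BGP session toward the border router."""
    return [
        f"set routing-options static route {ip}/32 discard community {community}"
        for ip in offenders
    ]


def build_blackhole_config(log_text, threshold=3, safe_prefixes=(), community="65000:666"):
    """End to end: log text in, list of Junos set commands out."""
    hits = extract_deny_sources(log_text)
    return junos_discard_routes(select_offenders(hits, threshold, safe_prefixes), community)


if __name__ == "__main__":
    # 198.51.100.0/24 is treated as our own space, so .77 is never blackholed
    # even though it crossed the threshold; 192.0.2.9 is below the threshold.
    for cmd in build_blackhole_config(SAMPLE_LOG, safe_prefixes=("198.51.100.0/24",)):
        print(cmd)
```

With the sample input only 203.0.113.5 survives both filters. In practice the hit window should be time-bounded and the generated routes given an expiry, otherwise a single burst of scans grows the discard table forever; the threshold also keeps a single stray denied packet from blackholing a legitimate peer.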