Justin Shore wrote:
> Michiel Klaver wrote:
>> I would suggest to report that netblock to SpamHaus to have it
>> included at their DROP list, and also use that DROP list as extra
>> filter in addition to your bogon filter setup at your border routers.
>> The SpamHaus DROP (Don't Route Or Peer) list was specially designed
>> for this kind of abuse of stolen 'hijacked' netblocks and netblocks
>> controlled entirely by professional spammers.
>
> As a brief off-shoot of the original topic, has anyone scripted the
> use of Spamhaus's DROP list in a RTBH, ACLs, null-routes, etc? I'm
> not asking if people think it's safe; that's up to the network wanting
> to deploy it. I'm wondering if anyone has any scripts for pulling
> down the DROP list, parsing it into whatever you need (static routes
> on a RTBH trigger router or ACLs on a border router) and then deploying
> the config change(s). I don't want to reinvent the wheel if someone
> else has already done this.

Downloading and parsing is easy. I used to drop it into the config for
a small dns server, rbldnsd I believe, that understands CIDR and used it
as a local blacklist. It did very little to stop spam and I was never
brave enough to script an automatic update to BGP.
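
The parsing step discussed in this thread, as an added example that is not from any of the posters: it reads DROP-style text, applies sanity checks before anything would reach a router, and renders IOS-style null routes for a trigger router. The sample data, the protected prefix, the limits and the route tag are all assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample in the "CIDR ; SBL reference" text layout; the prefixes
# are documentation ranges and the SBL ids are made up.
SAMPLE_DROP = """\
; constructed sample, not real DROP data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.0/24 ; SBL000003
0.0.0.0/0 ; SBL000004
not-a-prefix ; SBL000005
198.51.100.7/25 ; SBL000006
"""

# Assumptions for illustration: local policy values, not Spamhaus guidance.
PROTECTED = [ipaddress.ip_network("203.0.113.0/24")]  # own/customer space
MIN_PREFIXLEN = 8    # refuse anything broader than a /8
MAX_ROUTES = 5000    # refuse to render an implausibly large list


def parse_drop(text, protected=PROTECTED):
    """Return (accepted IPv4 networks, [(raw line, reject reason), ...])."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # strip comment / SBL reference
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=True)  # host bits set -> error
        except ValueError:
            rejected.append((raw, "invalid CIDR"))
        else:
            if net.prefixlen < MIN_PREFIXLEN:
                rejected.append((raw, "too broad"))
            elif any(net.overlaps(p) for p in protected):
                rejected.append((raw, "overlaps protected space"))
            else:
                accepted.append(net)
    return accepted, rejected


def render_null_routes(nets, tag=666):
    """Render IOS-style static null routes; the tag value is an assumption."""
    if len(nets) > MAX_ROUTES:
        raise ValueError("list larger than MAX_ROUTES, refusing to render")
    return [f"ip route {n.network_address} {n.netmask} Null0 tag {tag}"
            for n in sorted(set(nets))]


if __name__ == "__main__":
    ok, bad = parse_drop(SAMPLE_DROP)
    print("\n".join(render_null_routes(ok)))
    for line, reason in bad:
        print(f"! skipped ({reason}): {line}")
```

Rejected lines are returned rather than silently dropped so that a scheduled job can alert on them instead of pushing a partial list.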