[102160] in North American Network Operators' Group


Blackholing traffic by ASN

daemon@ATHENA.MIT.EDU (Justin Shore)
Wed Jan 30 18:35:55 2008

Date: Wed, 30 Jan 2008 17:33:20 -0600
From: Justin Shore <justin@justinshore.com>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


I'm sure all of us have parts of the Internet that we block for one 
reason or another.  I have existing methods for null routing traffic 
from annoying hosts and subnets on our border routers today (I'm still 
working on a network blackhole).  However, I've never tackled the problem 
by targeting a bad guy's ASN.  What's the best option for null routing 
traffic by ASN?  I could always add another deny statement in my inbound 
eBGP route-maps to match a new as-path ACL for _BAD-ASN_ to keep from 
accepting their routes to begin with.  Are there any other good tricks 
that I can employ?

I have another question along those same lines.  Once I do have my 
blackhole up and running I can easily funnel hosts or subnets into the 
blackhole.  What about funneling all routes to a particular ASN into the 
blackhole?  Are there any useful tricks here?

The ASN I'm referring to is that of the Russian Business Network.  A 
Google search should turn up plenty of info for those that haven't heard 
of them.

Thanks
  Justin
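
The as-path ACL idea from the message above, as an added example that is not part of the original post: it emulates IOS-style AS-path regex matching in Python to show which received routes a deny on `_BAD-ASN_` would catch, compared with an origin-only pattern and an unanchored one. The ASNs (64500 from the documentation range, 4200064500 from the private-use range), the prefixes and the function names are all constructed for illustration.

```python
import re

# In IOS AS-path regexes "_" matches the start or end of the string,
# a space, a comma, braces or parentheses. Python has no such token,
# so it is expanded here; everything else is passed through unchanged.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def cisco_aspath_regex(pattern):
    """Translate an IOS-style AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", CISCO_UNDERSCORE))


def filter_routes(routes, pattern):
    """Split (prefix, as_path) pairs into (denied, accepted) prefix lists."""
    rx = cisco_aspath_regex(pattern)
    denied, accepted = [], []
    for prefix, as_path in routes:
        (denied if rx.search(as_path) else accepted).append(prefix)
    return denied, accepted


# Constructed sample of routes as received from an eBGP neighbour.
# 64500 stands in for the ASN to be blocked (placeholder, not a real network).
ROUTES = [
    ("192.0.2.0/24",      "64496 64500"),            # originated by 64500
    ("198.51.100.0/24",   "64496 64500 64511"),      # transits 64500
    ("203.0.113.0/24",    "64496 64497"),            # unrelated path
    ("203.0.113.128/25",  "64496 4200064500"),       # other ASN ending in 64500
    ("198.51.100.128/25", "64496 {64500,64501}"),    # 64500 inside an AS_SET
]

if __name__ == "__main__":
    for pattern in ("_64500_", "_64500$", "64500"):
        denied, accepted = filter_routes(ROUTES, pattern)
        print(f"{pattern:10} deny={denied}")
        print(f"{'':10} keep={accepted}")
```

The unanchored pattern also drops the route whose path contains 4200064500, which is why the underscores matter once 4-byte ASNs are in the table.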

