[118763] in North American Network Operators' Group
Re: dealing with bogon spam ?
daemon@ATHENA.MIT.EDU (Justin Shore)
Wed Oct 28 14:47:57 2009
Date: Wed, 28 Oct 2009 13:46:39 -0500
From: Justin Shore <justin@justinshore.com>
To: Michiel Klaver <michiel@klaver.it>
In-Reply-To: <4AE80553.4060602@klaver.it>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Michiel Klaver wrote:
> I would suggest to report that netblock to SpamHaus to have it included
> at their DROP list, and also use that DROP list as extra filter in
> addition to your bogon filter setup at your border routers.
>
> The SpamHaus DROP (Don't Route Or Peer) list was specially designed for
> this kind of abuse of stolen 'hijacked' netblocks and netblocks
> controlled entirely by professional spammers.
As a brief off-shoot of the original topic, has anyone scripted the use
of Spamhaus's DROP list in a RTBH, ACLs, null-routes, etc? I'm not
asking if people think it's safe; that's up to the network wanting to
deploy it. I'm wondering if anyone has any scripts for pulling down the
DROP list, parsing it into whatever you need (static routes on a RTBH
trigger router or ACLs on a border router and then deployed the config
change(s). I don't want to reinvent the wheel is someone else has
already done this.
Thanks
Justin
