[118765] in North American Network Operators' Group


Re: dealing with bogon spam ?

daemon@ATHENA.MIT.EDU (Jason Bertoch)
Wed Oct 28 14:57:43 2009

Date: Wed, 28 Oct 2009 14:56:47 -0400
From: Jason Bertoch <jason@i6ix.com>
To: nanog@nanog.org
In-Reply-To: <4AE8918F.5010805@justinshore.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Justin Shore wrote:
> Michiel Klaver wrote:
>> I would suggest to report that netblock to SpamHaus to have it 
>> included at their DROP list, and also use that DROP list as extra 
>> filter in addition to your bogon filter setup at your border routers.
>>
>> The SpamHaus DROP (Don't Route Or Peer) list was specially designed 
>> for this kind of abuse of stolen 'hijacked' netblocks and netblocks 
>> controlled entirely by professional spammers.
>
> As a brief off-shoot of the original topic, has anyone scripted the 
> use of Spamhaus's DROP list in a RTBH, ACLs, null-routes, etc?  I'm 
> not asking if people think it's safe; that's up to the network wanting 
> to deploy it.  I'm wondering if anyone has any scripts for pulling 
> down the DROP list, parsing it into whatever you need (static routes 
> on a RTBH trigger router or ACLs on a border router) and then deploying 
> the config change(s).  I don't want to reinvent the wheel if someone 
> else has already done this.

Downloading and parsing is easy.  I used to drop it into the config for 
a small DNS server, rbldnsd I believe, that understands CIDR and used it 
as a local blacklist.  It did very little to stop spam and I was never 
brave enough to script an automatic update to BGP.
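
The parsing step discussed in this thread, as an added example that is not code from either poster or from Spamhaus: it validates each entry and refuses over-broad or malformed prefixes before anything is rendered for a DNSBL zone or a blackhole router. The "CIDR ; SBL reference" line layout, the sample entries, the two thresholds and the IOS-style route syntax are assumptions.

```python
import ipaddress

# Constructed sample in the assumed DROP text layout ("CIDR ; SBL reference",
# ";" starts a comment). Prefixes are documentation ranges, not real listings.
SAMPLE = """\
; Constructed sample, not real DROP data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
203.0.113.7/24 ; SBL000004
0.0.0.0/0 ; SBL000005
not-a-prefix ; SBL000006
"""

MIN_PREFIXLEN = 8   # assumption: anything broader than a /8 is treated as an error
MAX_ENTRIES = 5000  # assumption: upper bound on a plausible list size


def parse_drop(text):
    """Return (accepted networks, rejected lines) from DROP-style text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        field = raw.split(";", 1)[0].strip()
        if not field:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(field, strict=True)
        except ValueError:
            rejected.append(raw)  # malformed, or host bits set
            continue
        if net.version != 4 or net.prefixlen < MIN_PREFIXLEN:
            rejected.append(raw)  # a default route here would blackhole everything
            continue
        nets.append(net)
    if len(nets) > MAX_ENTRIES:
        raise ValueError("list larger than expected; refusing to use it")
    # Merge adjacent and overlapping prefixes so the output stays minimal.
    return list(ipaddress.collapse_addresses(nets)), rejected


def to_null_routes(nets):
    """IOS-style static routes to Null0 (syntax assumed for illustration)."""
    return "\n".join(f"ip route {n.network_address} {n.netmask} Null0" for n in nets)


if __name__ == "__main__":
    nets, rejected = parse_drop(SAMPLE)
    print("\n".join(map(str, nets)))  # one CIDR per line, e.g. for a local DNSBL data file
    print(to_null_routes(nets))
    print("rejected:", rejected)
```

Rejected lines are returned rather than silently dropped so that a scheduled job can alert on them instead of deploying a partial list.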

