[118789] in North American Network Operators' Group
Re: Re: dealing with bogon spam ?
daemon@ATHENA.MIT.EDU (Michiel Klaver)
Thu Oct 29 04:25:56 2009
Date: Thu, 29 Oct 2009 09:24:59 +0100
From: Michiel Klaver <michiel@klaver.it>
To: Justin Shore <justin@justinshore.com>
In-Reply-To: <4AE8918F.5010805@justinshore.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Justin Shore wrote:
> Michiel Klaver wrote:
>> I would suggest to report that netblock to SpamHaus to have it
>> included at their DROP list, and also use that DROP list as extra
>> filter in addition to your bogon filter setup at your border routers.
>>
>> The SpamHaus DROP (Don't Route Or Peer) list was specially designed
>> for this kind of abuse of stolen 'hijacked' netblocks and netblocks
>> controlled entirely by professional spammers.
>
> As a brief off-shoot of the original topic, has anyone scripted the use
> of Spamhaus's DROP list in a RTBH, ACLs, null-routes, etc? I'm not
> asking if people think it's safe; that's up to the network wanting to
> deploy it. I'm wondering if anyone has any scripts for pulling down the
> DROP list, parsing it into whatever you need (static routes on a RTBH
> trigger router or ACLs on a border router) and then deploying the config
> change(s). I don't want to reinvent the wheel if someone else has
> already done this.
>
> Thanks
> Justin
>
SpamHaus already provides a link to a nice script for Cisco gear at their
FAQ page: http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ
And this shell command should give you a Juniper style prefix-list to include
at your filter terms:
wget -q -O - http://www.spamhaus.org/drop/drop.lasso | \
  sed -e "s/;.*//" -e '/^[0-9]/ !d' -e "s/^/set policy-options prefix-list drop-lasso /"
Hope it's helpful!
With kind regards,
Michiel Klaver
IT Professional
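
An added example, not part of the original message and not Spamhaus's script: the same list-to-config conversion as the sed one-liner, but validating each entry before anything reaches a router, so a truncated download, an error page, or an over-broad prefix cannot become a blackhole. The function names, the /8 floor, and the sample data (documentation prefixes, made-up SBL ids) are assumptions.

```python
import ipaddress

# Constructed sample in the layout the sed command above expects:
# ';' starts a comment, data lines are "prefix ; reference".
# Prefixes are documentation ranges, SBL ids are made up.
SAMPLE = """\
; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.0/25 ; SBL000002
203.0.113.7/24 ; SBL000003
0.0.0.0/0 ; SBL000004
<html>error page</html>
"""

MIN_PREFIX_LEN = 8  # assumption: refuse anything broader than a /8


def parse_drop(text, min_len=MIN_PREFIX_LEN):
    """Return (accepted networks, rejected raw lines) from DROP-style text."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        if not entry:
            continue  # comment or blank line
        try:
            # strict=True rejects entries with host bits set (203.0.113.7/24)
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < min_len:
            rejected.append(raw)  # would blackhole far too much address space
        elif net not in seen:
            seen.add(net)
            accepted.append(net)
    return accepted, rejected


def junos_prefix_list(nets, name="drop-lasso"):
    """Junos set commands, same prefix-list name as the one-liner above."""
    return [f"set policy-options prefix-list {name} {n}" for n in nets]


def ios_null_routes(nets):
    """Cisco IOS static null routes for the same prefixes."""
    return [f"ip route {n.network_address} {n.netmask} Null0" for n in nets]


if __name__ == "__main__":
    nets, bad = parse_drop(SAMPLE)
    print("\n".join(junos_prefix_list(nets) + ios_null_routes(nets)))
    print(f"# rejected {len(bad)} line(s): {bad}")
```

A non-empty rejected list is a reason to skip the push and keep the previous configuration in place.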