[135246] in North American Network Operators' Group
Re: Auto ACL blocker
daemon@ATHENA.MIT.EDU (ML)
Tue Jan 18 19:28:42 2011
Date: Tue, 18 Jan 2011 19:27:42 -0500
From: ML <ml@kenweb.org>
To: nanog@nanog.org
In-Reply-To: <A1B9BAEA8FE39847BCD6C473E894B595027A50AB@SDEXMB02.Proflowers.com>
Reply-To: ml@kenweb.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 1/18/2011 6:48 PM, Thomas Magill wrote:
> Also, have you considered just using the spamhaus DROP list? They even have code to have the list pushed to IOS available. You could simply substitute your file for their list if you only want to use IPs caught by your honeypot.
>
> http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ
>
>
I know Spamhaus doesn't offer a BGP feed of the DROP list. Has anyone
made a homegrown solution?
There is a PHP script that pull the DROP list and make a Cisco ACL or
IPtables rules.
http://www.potato-people.com/code/misctools/spamhausdrop.phps
