[135289] in North American Network Operators' Group
Update Spamhaus DROP list from Cisco CLI (TCL)
daemon@ATHENA.MIT.EDU (Thomas Magill)
Wed Jan 19 21:06:00 2011
From: Thomas Magill <tmagill@providecommerce.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 20 Jan 2011 02:04:36 +0000
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Previous conversations made me decide this would be fun to do so I ignored all my real work today and made it happen.
I built a TCL script that can be mapped to an alias ("alias exec updatedrop tclsh updatedrop.tcl") that will connect to the Spamhaus DROP list and route all of the prefixes to null0. It should also be able to be mapped to a kron job, but I haven't tested that and I've heard there are issues with kron+tcl unless you tie it to an EEM event. It adds a name indicator (Spamhaus_SBLXXXXX) to all of the routes to show that they come from the DROP list. You can find the script at:
http://tmagill.net/cisco_networking_ccie_studies/?p=83
There is also a script to remove all of the Spamhaus_SBLXXXXX null routes.
If I were to redis these into BGP they could be propagated just like the CYMRU Bogons... I plan on doing that within the next week and start testing. Does anyone see that as a useful service to be offered?
Thomas Magill
Network Engineer
Office: (858) 909-3777
Cell: (858) 869-9685
tmagill@providecommerce.com
provide-commerce
4840 Eastgate Mall
San Diego, CA 92121
ProFlowers <http://www.proflowers.com/> | redENVELOPE <http://www.redenvelope.com/> | Cherry Moon Farms <http://www.cherrymoonfarms.com/> | Shari's Berries <http://www.berries.com/>
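
The conversion described in the message above, sketched offline as an added example (not the poster's TCL script and not taken from the linked page): it turns DROP-style lines into `ip route ... Null0 name Spamhaus_SBLXXXXX` commands and refuses input that should never reach a router's config. The line format (`<cidr> ; SBL<digits>`, `;` comments), the `/8` safety floor and the function name are assumptions; the sample data is constructed.

```python
import ipaddress
import re

# Assumed DROP text format: "<cidr> ; SBL<digits>", with ";" starting comment lines.
LINE_RE = re.compile(r"^(\S+)\s*;\s*(SBL\d+)\s*$")
MIN_PREFIX_LEN = 8  # assumed safety floor: refuse anything broader than a /8

def drop_to_null_routes(text, min_len=MIN_PREFIX_LEN):
    """Return (commands, rejected) for the given DROP list text."""
    commands, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank or comment line
        m = LINE_RE.match(line)
        if not m:
            rejected.append((raw, "unrecognised line"))
            continue
        try:
            # strict=True rejects prefixes with host bits set (e.g. 10.0.0.1/8)
            net = ipaddress.IPv4Network(m.group(1), strict=True)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if net.prefixlen < min_len:
            # a fetched "0.0.0.0/0" must never become a null route
            rejected.append((raw, "prefix too broad"))
            continue
        if net in seen:
            continue  # duplicate prefix, emit once
        seen.add(net)
        commands.append(f"ip route {net.network_address} {net.netmask} "
                        f"Null0 name Spamhaus_{m.group(2)}")
    return commands, rejected

# Constructed sample input: documentation prefixes and made-up SBL ids.
SAMPLE = """\
; constructed sample, not real DROP data
192.0.2.0/24 ; SBL00001
198.51.100.0/25 ; SBL00002
0.0.0.0/0 ; SBL00003
203.0.113.7/24 ; SBL00004
<html>error page</html>
"""

if __name__ == "__main__":
    cmds, bad = drop_to_null_routes(SAMPLE)
    print("\n".join(cmds))
    for raw, why in bad:
        print(f"! skipped {raw!r}: {why}")
```

Reviewing the rejected list before applying the commands catches a truncated download or an HTML error page that would otherwise be parsed as routes.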