[135291] in North American Network Operators' Group
Re: Update Spamhaus DROP list from Cisco CLI (TCL)
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Wed Jan 19 21:22:54 2011
In-Reply-To: <A1B9BAEA8FE39847BCD6C473E894B595027BF5E0@SDEXMB02.Proflowers.com>
Date: Thu, 20 Jan 2011 07:50:28 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Thomas Magill <tmagill@providecommerce.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Did you try this
http://www.spamhaus.org/faq/answers.lasso?section=3DDROP%20FAQ#168
LInks to Marco d'Itri's "cisco tools" package -
http://www.linux.it/~md/software/cisco-tools-0.2.tgz
Pretty neat, can update bogons as well
On Thu, Jan 20, 2011 at 7:34 AM, Thomas Magill
<tmagill@providecommerce.com> wrote:
> Previous conversations made me decide this would be fun to do so I ignore=
d all my real work today and made it happen.
>
> I built a TCL script that can be mapped to an alias ("alias exec updatedr=
op tclsh updatedrop.tcl") that will connect to the Spamhaus DROP list and r=
oute all of the prefixes to null0. =C2=A0It should alsbo be able to be mapp=
ed to a kron job, but I haven't tested that and I've heard there are issues=
with kron+tcl unless you tie it to an EEM event. =C2=A0It adds a name indi=
cator (Spamhaus_SBLXXXXX) to all of the routes to show that they come from =
the DROP list. =C2=A0You can find the script at:
>
> http://tmagill.net/cisco_networking_ccie_studies/?p=3D83
>
> There is also a script to remove all of the Spamhaus_SBLXXXXX null routes=
.
>
> If I were to redis these into BGP they could be propagated just like the =
CYMRU Bogons... =C2=A0I plan on doing that within the next week and start t=
esting. =C2=A0Does anyone see that as a useful service to be offered?
>
>
> Thomas Magill
> Network Engineer
> Office: (858) 909-3777
> Cell: (858) 869-9685
> tmagill@providecommerce.com<mailto:tmagill@providecommerce.com>
>
> provide-commerce
> 4840 Eastgate Mall
> San Diego, CA =C2=A092121
>
> ProFlowers<http://www.proflowers.com/> | redENVELOPE<http://www.redenvelo=
pe.com/> | Cherry Moon Farms<http://www.cherrymoonfarms.com/> | Shari's Ber=
ries<http://www.berries.com/>
>
>
--=20
Suresh Ramasubramanian (ops.lists@gmail.com)
