Justin Shore wrote:
Michiel Klaver wrote:
I would suggest to report that netblock to SpamHaus to have it
included at their DROP list, and also use that DROP list as extra
filter in addition to your bogon filter setup at your border routers.
The SpamHaus DROP (Don't Route Or Peer) list was specially designed
for this kind of abuse of stolen 'hijacked' netblocks and netblocks
controlled entirely by professional spammers.
As a brief off-shoot of the original topic, has anyone scripted the use
of Spamhaus's DROP list in a RTBH, ACLs, null-routes, etc? I'm not
asking if people think it's safe; that's up to the network wanting to
deploy it. I'm wondering if anyone has any scripts for pulling down the
DROP list, parsing it into whatever you need (static routes on a RTBH
trigger router or ACLs on a border router and then deployed the config
change(s). I don't want to reinvent the wheel is someone else has
already done this.
Thanks
Justin
SpamHaus already provides a link to a nice script for Cisco gear at their
FAQ page: http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ
And this shell command shoud give you a Juniper style prefix-list to include
at your filter terms:
wget -q -O - http://www.spamhaus.org/drop/drop.lasso | sed -e "s/;.*//" -e
'/^[0-9]/ !d' -e "s/^/set policy-options prefix-list drop-lasso /"
Hope it's helpfull!
With kind regards,
Michiel Klaver
IT Professional
