dealing with bogon spam ?

Michiel Klaver michiel at klaver.it
Thu Oct 29 08:24:59 UTC 2009


Justin Shore wrote:
> Michiel Klaver wrote:
>> I would suggest to report that netblock to SpamHaus to have it 
>> included at their DROP list, and also use that DROP list as extra 
>> filter in addition to your bogon filter setup at your border routers.
>>
>> The SpamHaus DROP (Don't Route Or Peer) list was specially designed 
>> for this kind of abuse of stolen 'hijacked' netblocks and netblocks 
>> controlled entirely by professional spammers.
> 
> As a brief off-shoot of the original topic, has anyone scripted the use 
> of Spamhaus's DROP list in a RTBH, ACLs, null-routes, etc?  I'm not 
> asking if people think it's safe; that's up to the network wanting to 
> deploy it.  I'm wondering if anyone has any scripts for pulling down the 
> DROP list, parsing it into whatever you need (static routes on a RTBH 
> trigger router or ACLs on a border router and then deployed the config 
> change(s).  I don't want to reinvent the wheel is someone else has 
> already done this.
> 
> Thanks
>   Justin
> 

SpamHaus already provides a link to a nice script for Cisco gear at their 
FAQ page: http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ

And this shell command shoud give you a Juniper style prefix-list to include 
at your filter terms:

wget -q -O - http://www.spamhaus.org/drop/drop.lasso | sed -e "s/;.*//" -e 
'/^[0-9]/ !d' -e "s/^/set policy-options prefix-list drop-lasso /"


Hope it's helpfull!


With kind regards,

Michiel Klaver
IT Professional




More information about the NANOG mailing list