Blackholing traffic by ASN

Justin Shore justin at justinshore.com
Wed Jan 30 23:33:20 UTC 2008


I'm sure all of us have parts of the Internet that we block for one 
reason or another.  I have existing methods for null routing traffic 
from annoying hosts and subnets on our border routers today (I'm still 
working on a network blackhole).  However I've never tackled the problem 
by targeting a bad guy's ASN.  What's the best option for null routing 
traffic by ASN?  I could always add another deny statement in my inbound 
eBGP route-maps to match a new as-path ACL for _BAD-ASN_ to keep from 
accepting their routes to begin with.  Are there any other good tricks 
that I can employ?

I have another question along those same lines.  Once I do have my 
blackhole up and running I can easily funnel hosts or subnets into the 
blackhole.  What about funneling all routes to a particular ASN into the 
blackhole?  Are there any useful tricks here?

The ASN I'm referring to is that of the Russian Business Network.  A 
Google search should turn up plenty of info for those that haven't heard 
of them.

Thanks
  Justin




More information about the NANOG mailing list