dealing with bogon spam ?
michiel at klaver.it
Thu Oct 29 08:24:59 UTC 2009
Justin Shore wrote:
> Michiel Klaver wrote:
>> I would suggest to report that netblock to SpamHaus to have it
>> included at their DROP list, and also use that DROP list as extra
>> filter in addition to your bogon filter setup at your border routers.
>> The SpamHaus DROP (Don't Route Or Peer) list was specially designed
>> for this kind of abuse of stolen 'hijacked' netblocks and netblocks
>> controlled entirely by professional spammers.
> As a brief off-shoot of the original topic, has anyone scripted the use
> of Spamhaus's DROP list in a RTBH, ACLs, null-routes, etc? I'm not
> asking if people think it's safe; that's up to the network wanting to
> deploy it. I'm wondering if anyone has any scripts for pulling down the
> DROP list, parsing it into whatever you need (static routes on a RTBH
> trigger router or ACLs on a border router and then deployed the config
> change(s). I don't want to reinvent the wheel is someone else has
> already done this.
SpamHaus already provides a link to a nice script for Cisco gear at their
FAQ page: http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ
And this shell command shoud give you a Juniper style prefix-list to include
at your filter terms:
wget -q -O - http://www.spamhaus.org/drop/drop.lasso | sed -e "s/;.*//" -e
'/^[0-9]/ !d' -e "s/^/set policy-options prefix-list drop-lasso /"
Hope it's helpfull!
With kind regards,
More information about the NANOG