-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Suresh Ramasubramanian wrote:
> Devdas Bhagat [31/12/06 21:25 +0530]:
>> I just had a conversation about certain system in .ru hosting spamming
>> software which is downloaded via trojans and then used to send spam.
>>
>> How complex would it be to setup router ACLs to block such hosts by
>> automatically updating router configurations (script this)? What kind of
>> performance impact can we expect?
>
> Depends - how many IPs? There's enough cisco config management software
> like CCR [the one Alexi Roudnev maintains] and others to pull the stuff out
> of band on a separate host and update nullroutes as required .. but now
> many IPs would need nullrouting.
- ----------------------
Correct, chasing IPs will be quite challenging, not to mention virtual
space. Even though you do find some consistency, you'll need similar
effort such as BOGON list (http://www.cymru.com/Bogons/) to maintain and
distribute the list.
regards,
/virendra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFl/8QpbZvCIJx1bcRAkqgAKCk00ecSZb+9oEuj+wyiGlCN5w+xwCfY1Oi
YqasUtCqMAilANDTb0OBDMQ=
=9278
-----END PGP SIGNATURE-----
--
This is the SANOG (http://www.sanog.org/) mailing list.
|
