The BGP blackhole injection is to block those IPs ASN-wide. All routers, 
switches, servers, etc. dump their logs into one place, then one process 
blackholes offending users across the entire network. I would then not have to 
run as thorough protection on the rest of the network as the Fail2Ban server 
would be doing all of the legwork. 

----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



----- Original Message -----

From: "Tom Hendrikx" <[email protected]> 
To: [email protected] 
Sent: Sunday, November 30, 2014 10:46:27 AM 
Subject: Re: [Fail2ban-users] Syslog -> BGP Blackhole 

-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA256 

On 30-11-14 17:11, fail2ban list wrote: 
> This is my first post, so don't hate on me too much. I did search 
> the archive for BGP before posting, so hopefully it hasn't been 
> covered. 
> 
> I am looking to point Fail2Ban at a centralized syslog server (I 
> know I'd have to get the desired logs here first), complain to the 
> whois abuse contact (which I'm working on for my single server 
> setups) and then insert that IP address as a BGP blackhole. I see 
> how to add it as a local route blackhole, but I'm not sure how to 
> do the BGP part. I assume that I'd have to install a BGP daemon 
> locally or SSH into one (perhaps one I also use as a route 
> reflector?) and execute a command to insert a blackhole route. 
> 
> Has anyone done this? 
> 
> Can I do a second (or third) action in addition to that to remote 
> into off-net boxes and add it to their routes? I'd prefer 
> to do it via routes, as routes have less load than a firewall. 
> 

It sounds like a difficult task with a small gain. The amount of CPU 
cycles spared by using routes vs iptables is probably useless once you 
start using a python program that can tail logfiles (i.e. run fail2ban). 


Tom 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v1 

-----END PGP SIGNATURE----- 

_______________________________________________ 
Fail2ban-users mailing list 
[email protected] 
https://lists.sourceforge.net/lists/listinfo/fail2ban-users 
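
An added example, not part of the thread or of fail2ban: a guard that a central ban action could run before handing an address to a BGP speaker, since entries in a shared syslog can be forged or malformed and a bad one would be blackholed network-wide. The ExaBGP-style command text, the discard next-hop, the protected prefixes and the function name are assumptions; only IPv4 host routes are handled.

```python
import ipaddress

# Assumptions (not from the thread): a BGP speaker with an ExaBGP-style text
# API reads these lines, and routers null-route the discard next-hop.
DISCARD_NEXT_HOP = "192.0.2.1"      # constructed placeholder
BLACKHOLE_COMMUNITY = "65535:666"   # well-known BLACKHOLE community (RFC 7999)

# Constructed sample: space that must never be blackholed (own prefix with the
# syslog collector and BGP peers, plus RFC 1918 ranges used internally).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("198.51.100.0/24", "10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16")]


def blackhole_command(action, ip_text, protected=PROTECTED):
    """Return the API line for one /32 host route, or None if refused.

    action is "ban" or "unban", as a ban/unban hook would pass it together
    with the offending address taken from the logs.
    """
    if action not in ("ban", "unban"):
        return None
    try:
        # IPv4Address rejects prefixes ("0.0.0.0/0"), IPv6 and trailing junk,
        # so only a single well-formed host address gets through.
        ip = ipaddress.IPv4Address(ip_text.strip())
    except ValueError:
        return None
    # Refuse addresses that are never a legitimate remote source.
    if (ip.is_loopback or ip.is_multicast or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved):
        return None
    # Refuse anything inside protected space, whatever the logs claim.
    if any(ip in net for net in protected):
        return None
    route = f"{ip}/32"
    if action == "ban":
        return (f"announce route {route} next-hop {DISCARD_NEXT_HOP} "
                f"community [{BLACKHOLE_COMMUNITY}]")
    return f"withdraw route {route} next-hop {DISCARD_NEXT_HOP}"
```

A `None` result means the ban is refused and nothing should be sent to the BGP speaker.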
