Right, there's no way to stop it from hitting your ASN as your upstreams will
not accept blackhole routes that aren't from your address space. However, once
it hits your edge routers, it will be null routed and not be carried on.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
----- Original Message -----
From: "Gavin Henry" <[email protected]>
To: "fail2ban list" <[email protected]>
Cc: [email protected]
Sent: Sunday, November 30, 2014 12:20:26 PM
Subject: Re: [Fail2ban-users] Syslog -> BGP Blackhole
> The BGP blackhole injection is to block those IPs ASN wide. All routers,
> switches, servers, etc. dump their logs into one place, then one process
> blackholes offending users across the entire network. I would then not have
> to run as thorough protection on the rest of the network as the Fail2Ban
> server would be doing all of the leg work
But unless you did the same to your own announcements you'd still get
the traffic to your ASN.
Thanks.
--
Kind Regards,
Gavin Henry.
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
