You can still withdraw the route advertisement.
If you're attempting to gain access to my systems, you don't belong on my
network. No one other than my management should ever attempt to gain access to
my systems. The vast majority of the time it'll be script kiddies or malware.
The only time a customer should be attempting to gain access to one of my
systems is the mail servers. A call to support can remedy any forgotten mail
credentials issues.
If your system is infected and the malware is attempting access, get your
system cleaned. No excuse for script kiddies or infestations.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
----- Original Message -----
From: "Gavin Henry" <[email protected]>
To: "fail2ban list" <[email protected]>
Cc: [email protected]
Sent: Sunday, November 30, 2014 12:42:47 PM
Subject: Re: [Fail2ban-users] Syslog -> BGP Blackhole
On 30 Nov 2014 18:30, "Mike Hammett" < [email protected] > wrote:
>
> Right, there's no way to stop it from hitting your ASN as your upstreams will
> not accept blackhole routes that aren't from your address space. However,
> once it hits your edge routers, it will be null routed and not be carried on.
>
And if it's a false hit or customer making a mistake a fail2ban restart or
iptables change will have no affect.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
>
>
> ________________________________
> From: "Gavin Henry" < [email protected] >
> To: "fail2ban list" < [email protected] >
> Cc: [email protected]
> Sent: Sunday, November 30, 2014 12:20:26 PM
>
> Subject: Re: [Fail2ban-users] Syslog -> BGP Blackhole
>
> > The BGP blackhole injection is to block those IPs ASN wide. All routers,
> > switches, servers, etc. dump their logs into one place, then one process
> > blackholes offending users across the entire network. I would then not have
> > to run as thorough protection on the rest of the network as the Fail2Ban
> > server would be doing all of the leg work
>
> But unless you did the same to your own announcements you'd still get
> the traffic to your ASN.
>
> Thanks.
>
> --
> Kind Regards,
> Gavin Henry.
>
>
>
> ------------------------------------------------------------------------------
>
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
