I can think of few options here (basically restating what has been said
already) :
- Black hole routing on ISP side - just makes the client unreachable
outside ISP , available everywhere,
free. Not really a protection as aids the attacker in achieving his goal -
shutting down the client
- Managed
Having a love-and-hate relationship with Checkpoint firewalls after working
for 6 years daily with them I am
probably biased :), but will say they are great firewalls once you know to
work with them .
If you are completely new to it I'd recommend Checkpoint CCSA/CCSE from
accredited APT course as
Having seen few hundreds BGP peerings with internal clients as well as with
uplink providers cannot
recall anyone ever even trying to use such features. And given that both
were created back in late 90s early 2000s we can safely assume these
technologies (S-BGP/soBGP) will stay just that -
Let me disagree - Pakistan Youtube was possible only because their uplink
provider did NOT implement inbound route filters . As always the weakest
link is human factor - and no super-duper newest technology is ever to help
here .
As regards to S-bgp/soBGP from technical point of view , wait for
Thanks for sharing,
Note of caution - there is a mess going on with this blocking so if some IP
range/domain is not in any list it doesn't necessary mean it is not
blocked. Lists are created/updated pretty sporadically (e.g. the list does
not say so but there are reports of blocked DigitalOCean
5 matches
Mail list logo
