Jens Ott - PlusServer AG wrote:
Therefore I had the following idea: Why not taking one of my old routers and set it up as blackhole-service. Then everyone who is interested could set up a session to there and
I do something similar on our network with a RTBH trigger router. I peer with it from my edges that are capable of handling that many BGP routes. I feed into it hosts that scan our networks looking for running SSH daemons and open proxies on specific default ports. With uRPF on all our edges it will drop traffic whether the target IP is the source or the destination. Works slick. The Cisco Press "Router Security Strategies" book has good examples. A trustworthy source for BGP blacklists of sorts would be an excellent thing IMHO. I'd love to be able to reliably drop traffic from malicious hosts before they scan our network and end up in my netflow logs. Trust would be a big issue though. Justin