Something like http://www.cisco.com/en/US/products/ps5888/index.html?

Matt.

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Bill Stewart
Sent: 01 October 2004 08:23
To: Eric Germann; nanog@merit.edu
Subject: Re: Blackhole Routes

On Thu, 30 Sep 2004 10:35:36 -0400, Eric Germann <ekgermann@cctec.com> wrote:
> What I would like to see (and have never researched in depth) is a way to apply the blackhole routes on a community to port basis (i.e. we set up a specific BGP community to filter mail, and that community goes to a route map that kills only port 25, another community applies to a map that kills port 80,

A not particularly scalable method of doing that, which should be ok for small data flows, is to set up routers port25killer.example.net, a port80killer.example.net, etc., with ACLs that block those ports regardless of address, use BGP or OSPF to advertise whichever IP address spaces should be routed there, and set up those machines in whatever sort of firewalling location makes sense.

It's more of an enterprise solution than an ISP solution, but if you're a small ISP or dealing with a relatively specific set of problem sites you could probably do it. You may need to burn some CPE on GRE tunnels, depending on your topology, but if you're trying to solve a limited problem like letting your users access Korean web sites while blocking Korean email, it may work.
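
A small model of the forwarding decision in the port-killer design described above, added here as an illustration and not part of the original thread. The prefixes are documentation ranges, and the sink table, function names and sample routes are assumptions constructed for the example.

```python
import ipaddress

# Hypothetical sink routers, named after the thread's port25killer /
# port80killer. Each carries an ACL that drops the listed TCP destination
# ports regardless of address and permits everything else.
SINKS = {
    "port25killer": {25},
    "port80killer": {80},
}

# Constructed sample routes: address space advertised (via BGP or OSPF)
# as reachable through a sink. Prefixes are documentation ranges.
ADVERTISED = [
    ("198.51.100.0/24", "port25killer"),
    ("203.0.113.0/24", "port80killer"),
    ("203.0.113.128/25", "port25killer"),  # more-specific inside the /24
]


def build_table(advertised):
    """Parse the routes and order them longest prefix first."""
    table = []
    for prefix, sink in advertised:
        if sink not in SINKS:
            raise ValueError(f"route {prefix} points at unknown sink {sink}")
        table.append((ipaddress.ip_network(prefix), sink))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def forward(table, dst, dport):
    """Return (next_hop, action) for a TCP packet to dst:dport."""
    addr = ipaddress.ip_address(dst)
    for net, sink in table:
        if addr in net:
            # Longest match picks exactly one sink; only its ACL applies.
            action = "drop" if dport in SINKS[sink] else "permit"
            return sink, action
    return "default", "permit"  # not advertised to any sink


TABLE = build_table(ADVERTISED)

if __name__ == "__main__":
    for dst, port in [("198.51.100.10", 25), ("198.51.100.10", 80),
                      ("203.0.113.5", 80), ("203.0.113.200", 80)]:
        print(dst, port, forward(TABLE, dst, port))
```

Because longest-prefix match selects a single sink per destination, the /25 in the sample routes is filtered only for port 25 even though its covering /24 is filtered for port 80; blocking both ports for one prefix would need a sink whose ACL lists both.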