[Emerging-Sigs] RBN signatures:

Jeremy cjeremy at gmail.com
Fri Feb 15 11:52:13 EST 2008 

The efficiency/capacity ceiling is going to vary per Cisco device, as
your not limited to a specific number of routes but you are limited by
how much memory you have installed.  Using Null0 routes would be more
efficient on the hardware in my opinion than creating ACLs as there is
no response sent back for a null routed packet.  I would be a
supporter for publishing a Null0 route file for Cisco devices.  As far
as syntax goes I would think this would work:

ip route [BAD_IP] [MASK] Null0

So if you had the indivdual ip of 10.10.10.1 then it would look like this:

ip route 10.10.10.1 255.255.255.255 Null0

--jeremy


On Mon, Feb 11, 2008 at 6:35 PM, Matt Jonkman <jonkman at jonkmans.com> wrote:
> Ya, that's an idea!
>
>  Anyone know if there's an efficiency ceiling for the number of null
>  routes on a cisco? Anyone have a sample of what the best format would be?
>
>  matt
>
>
>  David Glosser wrote:
>  > On another note, wouldn't a list of null routes for the storm IPs be
>  > useful to install on border routers and added to
>  >
>  > http://www.emergingthreats.net/fwrules/ ?
>  >
>  >
>  >
>  > On Feb 11, 2008 6:12 PM, Michael Scheidell <scheidell at secnap.net
>
> > <mailto:scheidell at secnap.net>> wrote:
>  >
>  >     would it be easier to submit a list of netblocks NOT 0wn8d by RBN?  :-)
>  >
>  >     They seem EVERYWHERE, including US based ISP's who seem to be
>  >     oblivious to the criminal nature of their clients.
>  >
>  >     --
>  >     Michael Scheidell, CTO
>  >     Main: 561-999-5000, Office: 561-939-7259
>  >     > *| *SECNAP Network Security Corporation
>  >     Winner 2008 Technosium hot company award.
>  >     www.technosium.com/hotcompanies/
>  >     <http://www.technosium.com/hotcompanies/>
>
> >
>  >
>  >     ------------------------------------------------------------------------
>  >     This email has been scanned and certified safe by SpammerTrap™.
>  >     For Information please see www.spammertrap.com
>  >     <http://www.spammertrap.com>
>
> >     ------------------------------------------------------------------------
>  >
>  >
>  >     _______________________________________________
>  >     Emerging-sigs mailing list
>  >     Emerging-sigs at emergingthreats.net
>  >     <mailto:Emerging-sigs at emergingthreats.net>
>
> >     http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>  >
>  >
>  >
>  > ------------------------------------------------------------------------
>
> >
>  > _______________________________________________
>  > Emerging-sigs mailing list
>  > Emerging-sigs at emergingthreats.net
>  > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
>
> --
>  --------------------------------------------
>  Matthew Jonkman
>  Emerging Threats
>  Phone 765-429-0398
>  Fax 312-264-0205
>  http://www.emergingthreats.net
>  --------------------------------------------
>
>  PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>  _______________________________________________
>
>
> Emerging-sigs mailing list
>  Emerging-sigs at emergingthreats.net
>  http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>

More information about the Emerging-sigs mailing list