Blackhole routing

Info at: https://www.spamhaus.org/drop/

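Run this script from /etc/cron.daily on your routers/servers and it will reduce malicious traffic a lot. The DROP list includes large blocks of unsafe/hijacked networks on the internet. The script fetches the list, compares it with the routes currently pointing at the loopback interface, and adds or removes blackhole routes to match.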

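#!/bin/sh

#
# Update Spamhaus DROP (Don't Route Or Peer) list
# More info at https://www.spamhaus.org/drop/
#
# Fetched over HTTPS: the list ends up as routes installed by root
URL=https://www.spamhaus.org/drop/drop.txt

# Private work directory: cron runs this as root, so avoid predictable
# file names in /tmp
WORKDIR=`mktemp -d` || exit 1
trap 'rm -rf "$WORKDIR"' EXIT
CURLIST="$WORKDIR/drop.lasso.cur"
NEWLIST="$WORKDIR/drop.lasso.new"

# Fetch the new blacklist; keep the network column and drop comment
# lines (starting with ';') and anything that is not an IPv4 CIDR
wget -q -O - "$URL" | cut -d" " -f1 |
        grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$' | sort -n > "$NEWLIST"

# Check if downloaded file isn't empty
if [ ! -s "$NEWLIST" ]; then
        echo "Downloaded drop.txt is empty" >&2
        exit 1
fi

# Current black list: only the routes that point at lo
# (a plain "grep lo" would also match other lines containing "lo")
ip route show dev lo | cut -d" " -f1 | sort -n > "$CURLIST"

# Find the removed networks (only in the current list)
DELLIST=`diff "$NEWLIST" "$CURLIST" | grep '^>' | cut -d" " -f2`

# Find the added networks (only in the new list)
ADDLIST=`diff "$NEWLIST" "$CURLIST" | grep '^<' | cut -d" " -f2`

#
# Remove (obsolete) blackholed networks
#
for NET in $DELLIST
do
        echo "Delete blackhole $NET"
        ip route del "$NET" dev lo
done

#
# Add new blackholed networks
#
for NET in $ADDLIST
do
        echo "Add blackhole $NET"
        ip route add "$NET" dev lo
done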
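
The downloaded list is turned straight into routes by root, so it is worth vetting each entry before it is used. The following is an added example, not part of the original script: it accepts only well-formed IPv4 CIDR entries, refuses overly broad prefixes, and refuses anything that overlaps ranges you must keep reachable. PROTECTED, MINLEN and the function names are assumptions, and the sample input is constructed.

```sh
# Added example, not the page's script. PROTECTED and MINLEN are assumptions.
PROTECTED="192.0.2.0/24 10.0.0.0/8"  # hypothetical ranges that must stay routable
MINLEN=8                              # refuse anything broader than a /8

# ip_to_int A.B.C.D: print the address as an integer (input already validated)
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# valid_cidr NET: true for a.b.c.d/len with octets 0-255 and MINLEN <= len <= 32
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq \
        '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})/[1-9][0-9]?$' || return 1
    len=${1#*/}
    [ "$len" -ge "$MINLEN" ] && [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$oldifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# overlaps NET1 NET2: true when both agree on the first min(len1,len2) bits
overlaps() {
    short=${1#*/}
    if [ "${2#*/}" -lt "$short" ]; then short=${2#*/}; fi
    a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}")
    [ $(( a >> (32 - short) )) -eq $(( b >> (32 - short) )) ]
}

# vet_list: drop.txt-style text on stdin; accepted networks on stdout, rejects on stderr
vet_list() {
    while read -r net _rest || [ -n "$net" ]; do
        case $net in ''|';'*) continue ;; esac
        valid_cidr "$net" || { echo "reject (malformed or too broad): $net" >&2; continue; }
        for p in $PROTECTED; do
            if overlaps "$net" "$p"; then
                echo "reject (overlaps $p): $net" >&2; continue 2
            fi
        done
        echo "$net"
    done
}

# Constructed sample: documentation ranges and made-up SBL ids
SAMPLE='; constructed sample in drop.txt layout
198.51.100.0/24 ; SBL000001
203.0.113.0/24 ; SBL000002
192.0.2.128/25 ; SBL000003
0.0.0.0/0 ; SBL000004
300.1.2.0/24 ; SBL000005'
printf '%s\n' "$SAMPLE" | vet_list
```

To use it with the script above, pipe the fetched list through vet_list before it is written to $NEWLIST.
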
Topic revision: r3 - 19 May 2017, AdminUser

Copyright © by Eddy Vervest