Blocking lists of transparent proxies etc

Unanswered Question
Sep 26th, 2007
User Badges:

Hi,


I'd be very interested how others deal with blocking lists of known bad guys, transparent proxies etc. I know there are IP lists that can be obtained from various places, one that I recently saw has over 500k entries..


That's obviously not suitable for an edge ACL or null routing.


How do others deal with blocking very large lists of IPs, or do you just not do this?


I'd be particularly interested in solutions involving F5 BigIPs, FWSM or ASA.


Cheers,

George

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Wed, 09/26/2007 - 05:24
User Badges:
  • Blue, 1500 points or more

I used IPS devices inline to block all addresses from China. IPS units are already examining every packet. I didn't want the routers to do it because they were already running full BGP routing tables. That would have been too much overhead for the PIX515e's in place at this particular location.

There weren't even close to 500k entries though.

Actions

This Discussion