A particular AS out there, the one for the Russian Business Network, AS40989, is a source of most of the worms, trojans, bots, etc. that have plagued all of us over the years.
Recently, they've launched a 0-day exploit of PDF files.
I've been asked to configure a way to get rid of all traffic to and from any networks in this AS. Here's my take on the inbound stuff (below). How do I make sure we're not sending anything out to networks in this AS?
router bgp 65123
 ! apply the policy to routes received from this neighbor
 neighbor 18.104.22.168 route-map Hacker-Defense in
!
route-map Hacker-Defense permit 10
 match as-path 10
 set interface Null0
route-map Hacker-Defense permit 20
 match as-path 20
!
ip as-path access-list 10 permit _40989_
ip as-path access-list 10 permit ^40989 .*
ip as-path access-list 20 permit .*
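
Added example, not part of the original post: a small Python check that runs the post's two as-path access-lists and route-map sequences against constructed AS paths, to confirm before deployment which routes the filter catches and which list entries ever fire. It models only the matching logic (Cisco's `_` delimiter, first-match-wins, implicit deny); the effect labels `null-route` and `accept` and all sample paths are assumptions made for the illustration.

```python
import re

# Cisco's "_" matches start or end of the path, a space, a comma, braces or parentheses.
DELIM = r"(?:^|$|[ ,{}()])"

# as-path access-lists and route-map sequences, copied from the post above.
AS_PATH_ACLS = {
    10: [("permit", "_40989_"), ("permit", "^40989 .*")],
    20: [("permit", ".*")],
}
ROUTE_MAP = [(10, 10, "null-route"), (20, 20, "accept")]  # (seq, acl, effect label)

def acl_hit(acl, as_path):
    """Return (entry index, action) of the first matching entry, else None."""
    for idx, (action, pattern) in enumerate(AS_PATH_ACLS[acl]):
        if re.search(pattern.replace("_", DELIM), as_path):
            return idx, action
    return None  # implicit deny at the end of every list

def evaluate(as_path):
    """Walk the route-map in sequence order; the first permitted match decides."""
    for _seq, acl, effect in ROUTE_MAP:
        hit = acl_hit(acl, as_path)
        if hit and hit[1] == "permit":
            return effect
    return "denied"  # implicit deny at the end of the route-map

def unused_entries(acl, paths):
    """Entries of a list that are never the first match for any sample path."""
    used = {hit[0] for hit in (acl_hit(acl, p) for p in paths) if hit}
    return [i for i in range(len(AS_PATH_ACLS[acl])) if i not in used]

# Constructed AS paths (64496 and 64500 are documentation ASNs).
SAMPLES = [
    "40989",                 # originated by a directly connected AS40989
    "40989 64500",           # AS40989 as first hop, transit for 64500
    "64496 40989",           # originated by AS40989, learned via 64496
    "64496 40989 64500",     # AS40989 as transit in the middle
    "64496 {40989,64500}",   # AS40989 inside an aggregated AS_SET
    "64496 140989",          # different ASN that merely contains the digits
    "64496 409890 64500",    # same digits as the prefix of a longer ASN
    "",                      # locally originated, empty AS path
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:24} -> {evaluate(path)}")
    print("list 10 entries never reached:", unused_entries(10, SAMPLES))
```

On these samples the first entry of list 10 already catches every path the second entry would, and ASNs that only contain the digits 40989 pass through to sequence 20.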