Skip to Main Content
For purposes of network management or for other reasons, it may be advantageous to consider a simplified method for controlling the access to some specific network prefixes. The traditional method are using access-list in router or installing software with the black list in client computer to permit or deny the request to the specified network prefixes. But those methods blocking the access to the target network have the limitation of slow responding and complicated procedure. In this paper, we propose an engineering approach to achieve the management objective - to block the access to the specific network address. Our solution uses BGP protocol, which is supported by major routers in the Internet. We propose the network address block system, the address distribution system and network block point system in our solution. The deployment of the prototype system showed that: after the verification of reported bad network address, the system can be achieved to distribute the target network address to all block points in second-class and block the target network address fast. The method can be deployed in ISP networks to effectively prevent the spread of bad information.
Date of Conference: 23-25 March 2012