[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
- Subject: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
- From: landonstewart at gmail.com (Landon)
- Date: Thu, 9 Jan 2014 10:52:52 -0800
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 9 January 2014 01:25, ISP Services <nanog at isp-services.nl> wrote:
> Hi,
>
> I am wondering if anyone here has experiences with the Spamhaus DROP,
> EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes
> which contain (only) mallicious users.
>
> http://www.spamhaus.org/bgpf/
>
> We currently already use a Team Cymru feed for null routing bogons. Would
> you reckon that the Spamhaus lists offer many valid additions to the Team
> Cymru feeds? Did you have any disputes about prefixes that are announced as
> malicious use by Spamhaus with customers or other ISP's?
>
> Any responses, on or off list are appreciated.
>
At a previous employer we used both the Team Cymru feed and the Spamhaus
DROP and EDROP lists to block badness and about twice a year at first we?d
see our own customers listed on the Team Cymru lists then we?d see none in
the year. I was at that place for over 10 years. The Team Cymru list was
enabled 8 years ago now and Spamhaus DROP and DROP lists were enabled about
3-4 years ago.
The Spamhaus DROP and EDROP lists never listed our own customers and just
seemed to list serious badness with no false positive issues that I can
recall. At first we used the /32?s on the DROP and EDROP lists only and
then later we started allowing the larger prefixes into our routing without
any disputes or false positives.
--
Landon Stewart <LandonStewart at Gmail.com>