nanog mailing list archives
Re: Team Cymru / Spamhaus
From: Jon Lewis <jlewis () lewis org>
Date: Fri, 27 Jun 2014 16:40:12 -0400 (EDT)
On Fri, 27 Jun 2014, Adam Greene wrote:
We're evaluating whether to add BGP feeds from these two sources in attempt to minimize exposure to DoS. The Team Cymru BOGON list ( http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
These really won't do anything to stop DoS attacks. Common DDoS attack traffic these days comes via reflection from non-spoofed sources replying to a spoofed public IP target.
http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
Same here. Whether or not its worth null routing unallocated IP space may be debatable, but again, it't not going to help protect you from a typical real DDoS.
We're a little more leery about trying Spamhaus's BGPf service (DROP, EDROP and BCL, http://www.spamhaus.org/bgpf/
This is more about stopping spam from entering your network and stopping compromised hosts on your network from becoming active in botnets (by cutting off their command and control).
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Team Cymru / Spamhaus Adam Greene (Jun 27)
- Re: Team Cymru / Spamhaus Paul Ferguson (Jun 27)
- RE: Team Cymru / Spamhaus SysIT (Jun 27)
- Message not available
- RE: Team Cymru / Spamhaus SysIT (Jun 27)
- Message not available
- Re: Team Cymru / Spamhaus Jon Lewis (Jun 27)
- Re: Team Cymru / Spamhaus Matthias Leisi (Jun 27)
- Re: Team Cymru / Spamhaus Paul S. (Jun 27)