Re: Team Cymru / Spamhaus

["Paul S." <contact () winterei se>]

+1, blanket banning is probably not the best way to go.

On 6/28/2014 午前 05:40, Jon Lewis wrote:
> On Fri, 27 Jun 2014, Adam Greene wrote:
>
> > We're evaluating whether to add BGP feeds from these two sources in 
> > attempt
> > to minimize exposure to DoS.
> >
> > The Team Cymru BOGON list (
> >
> > http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or
> >
> > http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
>
> These really won't do anything to stop DoS attacks. Common DDoS attack 
> traffic these days comes via reflection from non-spoofed sources 
> replying to a spoofed public IP target.
>
> > http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
>
> Same here. Whether or not its worth null routing unallocated IP space 
> may be debatable, but again, it't not going to help protect you from a 
> typical real DDoS.
>
> > We're a little more leery about trying Spamhaus's BGPf service (DROP, 
> > EDROP
> > and BCL,
> >
> > http://www.spamhaus.org/bgpf/
>
> This is more about stopping spam from entering your network and 
> stopping compromised hosts on your network from becoming active in 
> botnets (by cutting off their command and control).
>
> ----------------------------------------------------------------------
> Jon Lewis, MCP :) | I route
> | therefore you are
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________