nanog mailing list archives

Re: Spamhaus BGP feed experiences?

From: "John Levine" <johnl () iecc com>
Date: 19 May 2015 19:01:55 -0000

In article <555B8313.5080400 () netassist ua> you write:

How much false positives (i.e. blackholing traffic users want to reach)?


Very little.  The DROP list, which is what's in the BGP feed, is a
small subset of the SBL, and only includes blocks that send no
legitimate traffic at all.


On 18.05.15 21:04, Marco d'Itri wrote:

On May 17, Mike Lyon <mike.lyon () gmail com> wrote:

Any ISPs out there (big or small) ever used the Spamhaus BGP feed to
prevent against botnet, spam, etc? If so, how has your experience been? Is
it worthwhile? Has it helped? On / off list responses are appreciated in
advance.

We use Spamhaus DROP (not the BGP version: our software asks a human to 
review each change).
The benefits are not obvious since we do not have access customers, but 
it will blackhole some networks you obviously do not want to talk to,
and it has not caused any troubles either.

Current thread:

Spamhaus BGP feed experiences? Mike Lyon (May 16)
- Re: Spamhaus BGP feed experiences? Marco d'Itri (May 18)
  - Re: Spamhaus BGP feed experiences? Max Tulyev (May 19)
    - Re: Spamhaus BGP feed experiences? John Levine (May 19)
    - Re: Spamhaus BGP feed experiences? Matthias Leisi (May 20)
- Re: Spamhaus BGP feed experiences? Frederik Kriewitz (May 19)