nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

From: Landon <landonstewart () gmail com>
Date: Thu, 9 Jan 2014 10:52:52 -0800
On 9 January 2014 01:25, ISP Services <nanog () isp-services nl> wrote:


Hi,

I am wondering if anyone here has experiences with the Spamhaus DROP,
EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes
which contain (only) mallicious users.

http://www.spamhaus.org/bgpf/

We currently already use a Team Cymru feed for null routing bogons. Would
you reckon that the Spamhaus lists offer many valid additions to the Team
Cymru feeds? Did you have any disputes about prefixes that are announced as
malicious use by Spamhaus with customers or other ISP's?

Any responses, on or off list are appreciated.



At a previous employer we used both the Team Cymru feed and the Spamhaus
DROP and EDROP lists to block badness and about twice a year at first we’d
see our own customers listed on the Team Cymru lists then we’d see none in
the year. I was at that place for over 10 years.  The Team Cymru list was
enabled 8 years ago now and Spamhaus DROP and DROP lists were enabled about
3-4 years ago.

The Spamhaus DROP and EDROP lists never listed our own customers and just
seemed to list serious badness with no false positive issues that I can
recall.  At first we used the /32’s on the DROP and EDROP lists only and
then later we started allowing the larger prefixes into our routing without
any disputes or false positives.

-- 
Landon Stewart <LandonStewart () Gmail com>
Previous By Date Next
Previous By Thread Next

Current thread: