Team Cymru / Spamhaus

• Previous message (by thread): Advice on BGP + uCARP setup on 2 Debian Gateways
• Next message (by thread): Team Cymru / Spamhaus
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

 

We're evaluating whether to add BGP feeds from these two sources in attempt
to minimize exposure to DoS.

 

The Team Cymru BOGON list (

http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or

http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt

)

looks promising and common-sense. 

 

We already filter RFC1918 inbound at our edge, and are interested to see if
adding the rest of the blocks will have a significant positive effect.

 

If it does, we're planning to try the IPv4 FULLBOGON list:

 

http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt

 

We're a little more leery about trying Spamhaus's BGPf service (DROP, EDROP
and BCL, 

 

http://www.spamhaus.org/bgpf/

)

 

because we really want to avoid false positives. 

 

Just wondering if anyone has any words of caution ("False positives! Avoid
FULLBOGONS and Spamhaus!"), or words of praise ("Do it all! These services
are wonderful!") before we take the plunge.

 

Thanks,

Adam

• Previous message (by thread): Advice on BGP + uCARP setup on 2 Debian Gateways
• Next message (by thread): Team Cymru / Spamhaus
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]