Spamhaus BGP feed experiences?
Matthias Leisi
matthias at leisi.net
Wed May 20 20:37:29 UTC 2015
At dnswl.org <http://dnswl.org/> we check our data against the DROP list every once in a while. The overlap of DROP with legitimate sources of SMTP traffic is very, very small: a low single-digit number, and most of them are crappy to start with (so we don’t publish them, but only keep them in our database for reference purposes).
— Matthias
> Am 19.05.2015 um 20:38 schrieb Max Tulyev <maxtul at netassist.ua>:
>
> How much false positives (i.e. blackholing traffic users want to reach)?
>
> On 18.05.15 21:04, Marco d'Itri wrote:
>> On May 17, Mike Lyon <mike.lyon at gmail.com> wrote:
>>
>>> Any ISPs out there (big or small) ever used the Spamhaus BGP feed to
>>> prevent against botnet, spam, etc? If so, how has your experience been? Is
>>> it worthwhile? Has it helped? On / off list responses are appreciated in
>>> advance.
>> We use Spamhaus DROP (not the BGP version: our software asks a human to
>> review each change).
>> The benefits are not obvious since we do not have access customers, but
>> it will blackhole some networks you obviously do not want to talk to,
>> and it has not caused any troubles either.
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4109 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20150520/a0d1468a/attachment.bin>
More information about the NANOG
mailing list