SpamHaus Drop List
md at Linux.IT
Thu Aug 23 17:11:26 UTC 2007
On Aug 23, Paul Vixie <paul at vix.com> wrote:
> > Does anyone use spamhaus drop list ?
> > http://www.spamhaus.org/drop/index.lasso
> i do.
Me too, since a couple of years.
I do not have any negative issues to report and I encourage everybody
who cares about their customers to filter the routes listed in DROP.
> > I'm glad to listen opinions or experience.
> no false positives yet. mostly seems to drop inbound tcp/53.
I know that DROP blocks some name servers used by pharming gangs. E.g.:
A customer of mine found out that he was infected by this malware when
he noticed that he could not resolve anymore his web sites hosted on my
network. My authoritative name servers are protected by DROP and the
recursive name servers configured by the malware (126.96.36.199 and
others in that /20) were not able to reach them.
More information about the NANOG