SpamHaus Drop List

Marco d'Itri md at Linux.IT
Thu Aug 23 17:11:26 UTC 2007


On Aug 23, Paul Vixie <paul at vix.com> wrote:

> > Does anyone use the Spamhaus DROP list?
> > http://www.spamhaus.org/drop/index.lasso
> i do.
Me too, for a couple of years.
I do not have any negative issues to report and I encourage everybody
who cares about their customers to filter the routes listed in DROP.

> > I'm glad to listen to opinions or experience.
> no false positives yet.  mostly seems to drop inbound tcp/53.
I know that DROP blocks some name servers used by pharming gangs. E.g.:
http://isc.sans.org/diary.html?storyid=1872
http://isc.sans.org/diary.html?storyid=997

A customer of mine found out that he was infected by this malware when
he noticed that he could no longer resolve his web sites hosted on my
network. My authoritative name servers are protected by DROP and the
recursive name servers configured by the malware (85.255.116.20 and
others in that /20) were not able to reach them.

-- 
ciao,
Marco
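
The symptom described in the message above (a host whose configured recursive resolvers sit inside a DROP-listed netblock) can be checked directly. This is an added example, not part of the original post or of any Spamhaus tooling. It assumes the list is plain text with one "CIDR ; reference" entry per line and ';' comment lines; the sample entries, SBL references and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed DROP layout. The /20 is derived from the
# resolver address quoted in the post; the SBL references are placeholders.
SAMPLE_DROP = """\
; constructed sample, not real Spamhaus data
85.255.112.0/20 ; SBL-PLACEHOLDER-1
192.0.2.0/24 ; SBL-PLACEHOLDER-2
"""

# Constructed resolv.conf content for a host with a rewritten resolver.
SAMPLE_RESOLV = """\
# constructed sample
nameserver 85.255.116.20
nameserver 198.51.100.53
"""

def parse_drop(text):
    """Return [(network, reference)] from DROP-style text, skipping bad lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or header comment
        cidr, _, ref = line.partition(";")
        try:
            entries.append((ipaddress.ip_network(cidr.strip(), strict=False), ref.strip()))
        except ValueError:
            continue  # malformed CIDR
    return entries

def parse_nameservers(resolv_text):
    """Return the addresses on 'nameserver' lines of resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # not a literal IP address
    return servers

def listed_resolvers(resolv_text, drop_text):
    """Return (resolver, netblock, reference) for each resolver inside a listed block."""
    entries = parse_drop(drop_text)
    return [(str(ns), str(net), ref)
            for ns in parse_nameservers(resolv_text)
            for net, ref in entries
            if ns.version == net.version and ns in net]

if __name__ == "__main__":
    for ns, net, ref in listed_resolvers(SAMPLE_RESOLV, SAMPLE_DROP):
        print(f"resolver {ns} is inside listed netblock {net} ({ref})")
```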


