Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
landonstewart at gmail.com
Thu Jan 9 18:52:52 UTC 2014
On 9 January 2014 01:25, ISP Services <nanog at isp-services.nl> wrote:
> I am wondering if anyone here has experiences with the Spamhaus DROP,
> EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes
> which contain (only) mallicious users.
> We currently already use a Team Cymru feed for null routing bogons. Would
> you reckon that the Spamhaus lists offer many valid additions to the Team
> Cymru feeds? Did you have any disputes about prefixes that are announced as
> malicious use by Spamhaus with customers or other ISP's?
> Any responses, on or off list are appreciated.
At a previous employer we used both the Team Cymru feed and the Spamhaus
DROP and EDROP lists to block badness and about twice a year at first we’d
see our own customers listed on the Team Cymru lists then we’d see none in
the year. I was at that place for over 10 years. The Team Cymru list was
enabled 8 years ago now and Spamhaus DROP and DROP lists were enabled about
3-4 years ago.
The Spamhaus DROP and EDROP lists never listed our own customers and just
seemed to list serious badness with no false positive issues that I can
recall. At first we used the /32’s on the DROP and EDROP lists only and
then later we started allowing the larger prefixes into our routing without
any disputes or false positives.
Landon Stewart <LandonStewart at Gmail.com>
More information about the NANOG