Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

Landon landonstewart at gmail.com
Thu Jan 9 18:52:52 UTC 2014

On 9 January 2014 01:25, ISP Services <nanog at isp-services.nl> wrote:

> Hi,
> I am wondering if anyone here has experiences with the Spamhaus DROP,
> EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes
> which contain (only) mallicious users.
> http://www.spamhaus.org/bgpf/
> We currently already use a Team Cymru feed for null routing bogons. Would
> you reckon that the Spamhaus lists offer many valid additions to the Team
> Cymru feeds? Did you have any disputes about prefixes that are announced as
> malicious use by Spamhaus with customers or other ISP's?
> Any responses, on or off list are appreciated.

At a previous employer we used both the Team Cymru feed and the Spamhaus
DROP and EDROP lists to block badness and about twice a year at first we’d
see our own customers listed on the Team Cymru lists then we’d see none in
the year. I was at that place for over 10 years.  The Team Cymru list was
enabled 8 years ago now and Spamhaus DROP and DROP lists were enabled about
3-4 years ago.

The Spamhaus DROP and EDROP lists never listed our own customers and just
seemed to list serious badness with no false positive issues that I can
recall.  At first we used the /32’s on the DROP and EDROP lists only and
then later we started allowing the larger prefixes into our routing without
any disputes or false positives.

Landon Stewart <LandonStewart at Gmail.com>

More information about the NANOG mailing list