On 9 January 2014 01:25, ISP Services <[email protected]> wrote: > Hi, > > I am wondering if anyone here has experiences with the Spamhaus DROP, > EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes > which contain (only) mallicious users. > > http://www.spamhaus.org/bgpf/ > > We currently already use a Team Cymru feed for null routing bogons. Would > you reckon that the Spamhaus lists offer many valid additions to the Team > Cymru feeds? Did you have any disputes about prefixes that are announced as > malicious use by Spamhaus with customers or other ISP's? > > Any responses, on or off list are appreciated. >
At a previous employer we used both the Team Cymru feed and the Spamhaus DROP and EDROP lists to block badness and about twice a year at first we’d see our own customers listed on the Team Cymru lists then we’d see none in the year. I was at that place for over 10 years. The Team Cymru list was enabled 8 years ago now and Spamhaus DROP and DROP lists were enabled about 3-4 years ago. The Spamhaus DROP and EDROP lists never listed our own customers and just seemed to list serious badness with no false positive issues that I can recall. At first we used the /32’s on the DROP and EDROP lists only and then later we started allowing the larger prefixes into our routing without any disputes or false positives. -- Landon Stewart <[email protected]>
