[168274] in North American Network Operators' Group
Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
daemon@ATHENA.MIT.EDU (Curtis Doty)
Thu Jan 16 16:14:14 2014
In-Reply-To: <20140116190459.70093.qmail@joyce.lan>
Date: Thu, 16 Jan 2014 13:06:14 -0800
From: Curtis Doty <Curtis@GreenKey.net>
To: John Levine <johnl@iecc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Jan 16, 2014 at 11:04 AM, John Levine <johnl@iecc.com> wrote:
> If you're a tiny little network, you can
> use the public DNS servers for the BL lookups, and you can
> FTP the text version of DROP and turn it into firewall
> rules or whatever. That's what I do (hack perl scripts
> available on request.)
>
Here's a working Bash script to sync the freely available DROP/EDROP lists
into a quagga/linux route server. https://gist.github.com/dotysan/8463112
I ran that a while back without issue. But not anymore. Last year I added
the $250/yr BOTNETCC list which is BGP-only. And it was too convenient to
move the DROP/EDROP lists into BGP for an additional $250.
It works as advertised. The BOTNETCC list is only v4/32s and more dynamic
than the other lists. It's up to you to set it up correctly so an accident
doesn't blackhole your own prefixes...or favorite offshore gambling site.
:-p
../C
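The two points in the message above, syncing the text DROP/EDROP lists into a Linux route server and making sure an accident cannot blackhole your own prefixes, as an added example. This is not the poster's gist and not Spamhaus code. It assumes the documented list line format ("192.0.2.0/24 ; SBL123", comment lines starting with ";"), uses a constructed sample list (RFC 5737 documentation ranges, not real entries), treats OWN_PREFIXES as operator-supplied input, and only prints the iproute2 blackhole commands rather than running them, so you can review the output before it touches a router.

```sh
#!/bin/sh
# Added example: parse DROP/EDROP text, refuse anything overlapping our own
# prefixes, and emit Linux blackhole routes. Not the poster's script.
# Assumption: lines look like "192.0.2.0/24 ; SBL123"; ";" starts a comment.
set -eu

# Constructed sample in DROP format (documentation ranges, not real entries).
SAMPLE_DROP='; Spamhaus DROP List (constructed sample, not the real list)
; Expires: Fri, 17 Jan 2014 00:00:00 GMT
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
203.0.113.128/25 ; SBL000003
not-a-prefix ; SBL000004
10.300.0.0/16 ; SBL000005'

# Prefixes we must never blackhole (assumed operator input, space-separated).
OWN_PREFIXES='198.51.100.0/22 203.0.113.0/24'

# dotted quad -> unsigned 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix length -> netmask as integer (length 0 gives mask 0)
len2mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Validate one "a.b.c.d/len" token: four octets 0-255, length 0-32.
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    echo "$len" | grep -Eq '^[0-9]{1,2}$' || return 1
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# Read DROP text on stdin; print one valid prefix per line, warn on junk.
parse_drop() {
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line
        [ $# -gt 0 ] || continue
        case $1 in ';'*) continue ;; esac
        if is_cidr "$1"; then
            echo "$1"
        else
            echo "parse_drop: skipping malformed line: $line" >&2
        fi
    done
}

# overlaps A B: true when the two prefixes share at least one address,
# i.e. they agree on the bits covered by the shorter of the two masks.
overlaps() {
    a_ip=$(ip2int "${1%/*}"); a_len=${1#*/}
    b_ip=$(ip2int "${2%/*}"); b_len=${2#*/}
    if [ "$a_len" -lt "$b_len" ]; then m=$(len2mask "$a_len"); else m=$(len2mask "$b_len"); fi
    [ $(( a_ip & m )) -eq $(( b_ip & m )) ]
}

# Drop any candidate that overlaps one of our own prefixes (stdin -> stdout).
filter_own() {
    own=$1
    while read -r p; do
        keep=1
        for o in $own; do
            if overlaps "$p" "$o"; then
                echo "filter_own: refusing $p (overlaps own $o)" >&2
                keep=0; break
            fi
        done
        if [ "$keep" -eq 1 ]; then echo "$p"; fi
    done
}

# Print the iproute2 commands; apply them only after reviewing the output.
emit_blackholes() {
    while read -r p; do
        echo "ip route replace blackhole $p"
    done
}

# Whole pipeline on the constructed sample.
sync_drop() {
    printf '%s\n' "$SAMPLE_DROP" | parse_drop | filter_own "$OWN_PREFIXES" | emit_blackholes
}

sync_drop
```

On the sample, 198.51.100.0/24 sits inside the operator's 198.51.100.0/22 and 203.0.113.128/25 inside 203.0.113.0/24, so both are refused with a warning and only 192.0.2.0/24 becomes a blackhole route; the malformed lines are reported on stderr rather than silently becoming routes. Feed the real list with `curl -s https://www.spamhaus.org/drop/drop.txt | parse_drop | filter_own "$OWN_PREFIXES"` once you have set OWN_PREFIXES to your own aggregates.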