[172637] in North American Network Operators' Group
Re: Team Cymru / Spamhaus
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Fri Jun 27 11:36:49 2014
X-Original-To: nanog@nanog.org
Date: Fri, 27 Jun 2014 08:36:25 -0700
From: Paul Ferguson <fergdawgster@mykolab.com>
To: Adam Greene <maillist@webjogger.net>
In-Reply-To: <01c301cf921a$f1d61d60$d5825820$@webjogger.net>
Cc: 'NANOG list' <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Could I also encourage you to do anti-spoofing filtering, a la BCP38?
- - ferg
On 6/27/2014 8:17 AM, Adam Greene wrote:
> Hi all,
>
>
>
> We're evaluating whether to add BGP feeds from these two sources in
> attempt to minimize exposure to DoS.
>
>
>
> The Team Cymru BOGON list (
>
> http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or
>
> http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
>
> )
>
> looks promising and common-sense.
>
>
>
> We already filter RFC1918 inbound at our edge, and are interested
> to see if adding the rest of the blocks will have a significant
> positive effect.
>
>
>
> If it does, we're planning to try the IPv4 FULLBOGON list:
>
>
>
> http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
>
>
>
> We're a little more leery about trying Spamhaus's BGPf service
> (DROP, EDROP and BCL,
>
>
>
> http://www.spamhaus.org/bgpf/
>
> )
>
>
>
> because we really want to avoid false positives.
>
>
>
> Just wondering if anyone has any words of caution ("False
> positives! Avoid FULLBOGONS and Spamhaus!"), or words of praise
> ("Do it all! These services are wonderful!") before we take the
> plunge.
>
>
>
> Thanks,
>
> Adam
>
>
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlOtj3kACgkQKJasdVTchbI5hQD/f0DsWNUsebLOX1Io8MqPWmAl
JnlMX5cRxNxXgSNEAnoBAMuXCeSHCJvI8jsL6PaGTbh2GA6uktcYpOEfnlG5xfLC
=DmDv
-----END PGP SIGNATURE-----
