[172641] in North American Network Operators' Group


RE: Team Cymru / Spamhaus

daemon@ATHENA.MIT.EDU (SysIT)
Fri Jun 27 13:05:06 2014

X-Original-To: nanog@nanog.org
From: SysIT <IT@SysAccess.net>
To: Adam Greene <maillist@webjogger.net>, 'NANOG list' <nanog@nanog.org>
Date: Fri, 27 Jun 2014 15:22:47 +0000
In-Reply-To: <01c301cf921a$f1d61d60$d5825820$@webjogger.net>
Errors-To: nanog-bounces@nanog.org

That won't stop a DoS.

A DoS or DDoS is pure bandwidth wars for the most part; if someone is to DoS you, they already have your IPs and URLs they need to attack you, thus a spam list won't stop an attack.

If you want to minimize actual spam, sure.

-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Adam Greene
Sent: Friday, June 27, 2014 9:18 AM
To: 'NANOG list'
Subject: Team Cymru / Spamhaus

Hi all,

We're evaluating whether to add BGP feeds from these two sources in an attempt to minimize exposure to DoS.

The Team Cymru BOGON list
(http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or
http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt)
looks promising and common-sense.

We already filter RFC1918 inbound at our edge, and are interested to see if adding the rest of the blocks will have a significant positive effect.

If it does, we're planning to try the IPv4 FULLBOGON list:

http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt

We're a little more leery about trying Spamhaus's BGPf service (DROP, EDROP and BCL,
http://www.spamhaus.org/bgpf/)
because we really want to avoid false positives.

Just wondering if anyone has any words of caution ("False positives! Avoid FULLBOGONS and Spamhaus!"), or words of praise ("Do it all! These services are wonderful!") before we take the plunge.

Thanks,

Adam

