[172645] in North American Network Operators' Group
Re: Team Cymru / Spamhaus
daemon@ATHENA.MIT.EDU (Jon Lewis)
Fri Jun 27 16:40:22 2014
X-Original-To: nanog@nanog.org
Date: Fri, 27 Jun 2014 16:40:12 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: Adam Greene <maillist@webjogger.net>
In-Reply-To: <01c301cf921a$f1d61d60$d5825820$@webjogger.net>
Cc: 'NANOG list' <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, 27 Jun 2014, Adam Greene wrote:
> We're evaluating whether to add BGP feeds from these two sources in attempt
> to minimize exposure to DoS.
>
> The Team Cymru BOGON list (
>
> http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or
>
> http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
These really won't do anything to stop DoS attacks. Common DDoS attack
traffic these days comes via reflection from non-spoofed sources replying
to a spoofed public IP target.
> http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
Same here. Whether or not its worth null routing unallocated IP space may
be debatable, but again, it't not going to help protect you from a
typical real DDoS.
> We're a little more leery about trying Spamhaus's BGPf service (DROP, EDROP
> and BCL,
>
> http://www.spamhaus.org/bgpf/
This is more about stopping spam from entering your network and stopping
compromised hosts on your network from becoming active in botnets (by
cutting off their command and control).
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
