[172646] in North American Network Operators' Group
Re: Team Cymru / Spamhaus
daemon@ATHENA.MIT.EDU (Matthias Leisi)
Fri Jun 27 17:05:21 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.61.1406271629490.10544@soloth.lewis.org>
From: Matthias Leisi <matthias@leisi.net>
Date: Fri, 27 Jun 2014 23:04:51 +0200
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, Jun 27, 2014 at 10:40 PM, Jon Lewis <jlewis@lewis.org> wrote:
>> We're a little more leery about trying Spamhaus's BGPf service (DROP,
>> EDROP
>> and BCL,
>>
>> http://www.spamhaus.org/bgpf/
>
>
> This is more about stopping spam from entering your network and stopping
> compromised hosts on your network from becoming active in botnets (by
> cutting off their command and control).
Not quite.
DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic"
lists, consisting of netblocks that are "hijacked" or leased by professional
spam or cyber-crime operations (used for dissemination of malware,
trojan downloaders, botnet controllers). The DROP and EDROP lists are
a tiny subset of the SBL, designed for use by firewalls and routing
equipment to filter out the malicious traffic from these netblocks.
(Source: http://www.spamhaus.org/drop/, linked from the URL quoted above)
-- Matthias
