[179998] in North American Network Operators' Group
Re: Spamhaus BGP feed experiences?
daemon@ATHENA.MIT.EDU (John Levine)
Tue May 19 15:02:21 2015
X-Original-To: nanog@nanog.org
Date: 19 May 2015 19:01:55 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <555B8313.5080400@netassist.ua>
Errors-To: nanog-bounces@nanog.org
In article <555B8313.5080400@netassist.ua> you write:
>How much false positives (i.e. blackholing traffic users want to reach)?
Very little. The DROP list, which is what's in the BGP feed, is a
small subset of the SBL, and only includes blocks that send no
legitimate traffic at all.
>
>On 18.05.15 21:04, Marco d'Itri wrote:
>> On May 17, Mike Lyon <mike.lyon@gmail.com> wrote:
>>
>>> Any ISPs out there (big or small) ever used the Spamhaus BGP feed to
>>> prevent against botnet, spam, etc? If so, how has your experience been? Is
>>> it worthwhile? Has it helped? On / off list responses are appreciated in
>>> advance.
>> We use Spamhaus DROP (not the BGP version: our software asks a human to
>> review each change).
>> The benefits are not obvious since we do not have access customers, but
>> it will blackhole some networks you obviously do not want to talk to,
>> and it has not caused any troubles either.
>>
>
