Re: Team Cymru / Spamhaus

[Paul Ferguson <fergdawgster () mykolab com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Could I also encourage you to do anti-spoofing filtering, a la BCP38?

- - ferg

On 6/27/2014 8:17 AM, Adam Greene wrote:

> Hi all,
>
>
>
> We're evaluating whether to add BGP feeds from these two sources in
> attempt to minimize exposure to DoS.
>
>
>
> The Team Cymru BOGON list (
>
> http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or
>
> http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
>
> )
>
> looks promising and common-sense.
>
>
>
> We already filter RFC1918 inbound at our edge, and are interested
> to see if adding the rest of the blocks will have a significant
> positive effect.
>
>
>
> If it does, we're planning to try the IPv4 FULLBOGON list:
>
>
>
> http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
>
>
>
> We're a little more leery about trying Spamhaus's BGPf service
> (DROP, EDROP and BCL,
>
>
>
> http://www.spamhaus.org/bgpf/
>
> )
>
>
>
> because we really want to avoid false positives.
>
>
>
> Just wondering if anyone has any words of caution ("False
> positives! Avoid FULLBOGONS and Spamhaus!"), or words of praise
> ("Do it all! These services are wonderful!") before we take the
> plunge.
>
>
>
> Thanks,
>
> Adam


- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlOtj3kACgkQKJasdVTchbI5hQD/f0DsWNUsebLOX1Io8MqPWmAl
JnlMX5cRxNxXgSNEAnoBAMuXCeSHCJvI8jsL6PaGTbh2GA6uktcYpOEfnlG5xfLC
=DmDv
-----END PGP SIGNATURE-----