Could I also encourage you to do anti-spoofing filtering, a la BCP38?

- ferg

On 6/27/2014 8:17 AM, Adam Greene wrote:
Hi all,
We're evaluating whether to add BGP feeds from these two sources in an attempt to minimize exposure to DoS.
The Team Cymru BOGON list (http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt) looks promising and common-sense.
We already filter RFC1918 inbound at our edge, and are interested to see if adding the rest of the blocks will have a significant positive effect.
If it does, we're planning to try the IPv4 FULLBOGON list:
http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
We're a little more leery about trying Spamhaus's BGPf service (DROP, EDROP and BCL,
)
because we really want to avoid false positives.
Just wondering if anyone has any words of caution ("False positives! Avoid FULLBOGONS and Spamhaus!"), or words of praise ("Do it all! These services are wonderful!") before we take the plunge.
Thanks,
Adam
-- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
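
An added example, not part of the original thread: a dry-run check for the false-positive concern raised above, comparing a bogon list against prefixes a network actually uses before any filter is applied. The list text, the in-use prefixes and all function names are constructed for illustration; the input format is assumed to be one CIDR prefix per line with `#` comments.

```python
import ipaddress

# Constructed sample in the assumed format; not the live Team Cymru list.
SAMPLE_BOGONS = """\
# constructed sample
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.2.0/24
192.168.0.0/16
224.0.0.0/4
240.0.0.0/4
"""
# Filters already in place at the edge (RFC1918, as in the post).
RFC1918 = "10.0.0.0/8\n172.16.0.0/12\n192.168.0.0/16"
# Constructed: prefixes a hypothetical network sources or accepts traffic from.
IN_USE = "100.64.12.0/22  # internal CGN pool\n172.32.0.0/16"

def parse_prefixes(text):
    """Parse one-prefix-per-line text, ignoring blanks and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line))  # ValueError on bad input
    return nets

def find_conflicts(bogons, in_use):
    """Return (in_use, bogon) pairs that overlap: candidate false positives."""
    return [(u, b) for u in in_use for b in bogons
            if u.version == b.version and u.overlaps(b)]

def new_coverage(bogons, already_filtered):
    """Bogon prefixes not already covered by an existing filter."""
    return [b for b in bogons
            if not any(b.version == f.version and b.subnet_of(f)
                       for f in already_filtered)]

if __name__ == "__main__":
    bogons = parse_prefixes(SAMPLE_BOGONS)
    for used, bogon in find_conflicts(bogons, parse_prefixes(IN_USE)):
        print(f"CONFLICT: {used} is inside bogon {bogon}")
    added = new_coverage(bogons, parse_prefixes(RFC1918))
    print(f"{len(added)} prefixes beyond the existing RFC1918 filter")
```

Running the same check against each refreshed copy of the list, before it reaches the routers, catches a conflict introduced by a list update as well as one present on day one.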