On Fri, 27 Jun 2014, Adam Greene wrote:
We're evaluating whether to add BGP feeds from these two sources in attempt to minimize exposure to DoS.
The Team Cymru BOGON list (
http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or
These really won't do anything to stop DoS attacks. Common DDoS attack traffic these days comes via reflection from non-spoofed sources replying to a spoofed public IP target.
http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
Same here. Whether or not its worth null routing unallocated IP space may be debatable, but again, it't not going to help protect you from a typical real DDoS.
We're a little more leery about trying Spamhaus's BGPf service (DROP, EDROP and BCL,
This is more about stopping spam from entering your network and stopping compromised hosts on your network from becoming active in botnets (by cutting off their command and control). ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________