On 9 January 2014 01:25, ISP Services <nanog@isp-services.nl> wrote:
Hi,
I am wondering if anyone here has experiences with the Spamhaus DROP, EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes which contain (only) mallicious users.
We currently already use a Team Cymru feed for null routing bogons. Would you reckon that the Spamhaus lists offer many valid additions to the Team Cymru feeds? Did you have any disputes about prefixes that are announced as malicious use by Spamhaus with customers or other ISP's?
Any responses, on or off list are appreciated.
At a previous employer we used both the Team Cymru feed and the Spamhaus DROP and EDROP lists to block badness and about twice a year at first we’d see our own customers listed on the Team Cymru lists then we’d see none in the year. I was at that place for over 10 years. The Team Cymru list was enabled 8 years ago now and Spamhaus DROP and DROP lists were enabled about 3-4 years ago. The Spamhaus DROP and EDROP lists never listed our own customers and just seemed to list serious badness with no false positive issues that I can recall. At first we used the /32’s on the DROP and EDROP lists only and then later we started allowing the larger prefixes into our routing without any disputes or false positives. -- Landon Stewart <LandonStewart@Gmail.com>