Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Hi,
I am wondering if anyone here has experiences with the Spamhaus DROP, EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes which contain (only) malicious users.
http://www.spamhaus.org/bgpf/
We currently already use a Team Cymru feed for null routing bogons. Would you reckon that the Spamhaus lists offer many valid additions to the Team Cymru feeds? Did you have any disputes about prefixes that are announced as malicious use by Spamhaus with customers or other ISPs?
Any responses, on or off list are appreciated.
Thanks,
Dennis Hagens Network Engineer AS 24875
On 9 January 2014 01:25, ISP Services <nanog@isp-services.nl> wrote:
Hi,
I am wondering if anyone here has experiences with the Spamhaus DROP, EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes which contain (only) malicious users.
We currently already use a Team Cymru feed for null routing bogons. Would you reckon that the Spamhaus lists offer many valid additions to the Team Cymru feeds? Did you have any disputes about prefixes that are announced as malicious use by Spamhaus with customers or other ISPs?
Any responses, on or off list are appreciated.
At a previous employer we used both the Team Cymru feed and the Spamhaus DROP and EDROP lists to block badness and about twice a year at first we’d see our own customers listed on the Team Cymru lists then we’d see none in the year. I was at that place for over 10 years. The Team Cymru list was enabled 8 years ago now and Spamhaus DROP and DROP lists were enabled about 3-4 years ago.
The Spamhaus DROP and EDROP lists never listed our own customers and just seemed to list serious badness with no false positive issues that I can recall. At first we used the /32’s on the DROP and EDROP lists only and then later we started allowing the larger prefixes into our routing without any disputes or false positives.
-- Landon Stewart <LandonStewart@Gmail.com>
We're also interested in using their BGP feeds, but their website (spamhaustech.com) doesn't give much confidence about their technical prowess. Trying to get a simple quote for BGP feeds is...interesting.
-richard
On Thu, Jan 9, 2014 at 9:25 AM, ISP Services <nanog@isp-services.nl> wrote:
Hi,
I am wondering if anyone here has experiences with the Spamhaus DROP, EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes which contain (only) malicious users.
We currently already use a Team Cymru feed for null routing bogons. Would you reckon that the Spamhaus lists offer many valid additions to the Team Cymru feeds? Did you have any disputes about prefixes that are announced as malicious use by Spamhaus with customers or other ISPs?
Any responses, on or off list are appreciated.
Thanks,
Dennis Hagens Network Engineer AS 24875
Richard
I would be more than happy to get you in touch with someone who can help you
Technically they are very good.
Tom
On Jan 9, 2014, at 5:10 PM, Richard Hesse wrote:
We're also interested in using their BGP feeds, but their website (spamhaustech.com) doesn't give much confidence about their technical prowess. Trying to get a simple quote for BGP feeds is...interesting.
-richard
On Thu, Jan 9, 2014 at 9:25 AM, ISP Services <nanog@isp-services.nl> wrote:
Hi,
I am wondering if anyone here has experiences with the Spamhaus DROP, EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes which contain (only) malicious users.
We currently already use a Team Cymru feed for null routing bogons. Would you reckon that the Spamhaus lists offer many valid additions to the Team Cymru feeds? Did you have any disputes about prefixes that are announced as malicious use by Spamhaus with customers or other ISPs?
Any responses, on or off list are appreciated.
Thanks,
Dennis Hagens Network Engineer AS 24875
I would also like that contact, I've been trying to get the same quote for feed only for months.
Thanks, Bryan
Hi TR,
This looks like a very promising service to me as well.
Could you hit me off list with the pricing contact?
The pricing on http://www.spamhaustech.com/datafeed/pricecalculator.lasso is a little high ($9,223,372,036,854,780,000.00/yr).
:)
Thanks, Adam
-----Original Message----- From: TR Shaw [mailto:tshaw@oitc.com] Sent: Thursday, January 09, 2014 5:49 PM To: Bryan Socha Cc: NANOG Mailing List Subject: Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Replied off list.
On Jan 9, 2014, at 5:43 PM, Bryan Socha wrote:
I would also like that contact, I've been trying to get the same quote for feed only for months.
Thanks, Bryan
Looks like a bug, if you stick a 1 in total email users: Per Year: $504.00
-----Original Message----- From: Adam Greene [mailto:maillist@webjogger.net] Sent: Friday, January 10, 2014 9:11 AM To: 'NANOG Mailing List' Subject: RE: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Hi TR,
This looks like a very promising service to me as well.
Could you hit me off list with the pricing contact?
The pricing on http://www.spamhaustech.com/datafeed/pricecalculator.lasso is a little high ($9,223,372,036,854,780,000.00/yr).
:)
Thanks, Adam
-----Original Message----- From: TR Shaw [mailto:tshaw@oitc.com] Sent: Thursday, January 09, 2014 5:49 PM To: Bryan Socha Cc: NANOG Mailing List Subject: Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Replied off list.
On Jan 9, 2014, at 5:43 PM, Bryan Socha wrote:
I would also like that contact, I've been trying to get the same quote for feed only for months.
Thanks, Bryan
Ah yes, indeed. Makes much more sense. Interesting that they price per email accounts serviced. I guess that's how they determine your relative size.
Interesting the idea of using this service in conjunction with Team Cymru's BOGON lists.
-----Original Message----- From: Eric Tykwinski [mailto:eric-list@truenet.com] Sent: Friday, January 10, 2014 9:16 AM To: 'NANOG Mailing List' Subject: RE: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Looks like a bug, if you stick a 1 in total email users: Per Year: $504.00
-----Original Message----- From: Adam Greene [mailto:maillist@webjogger.net] Sent: Friday, January 10, 2014 9:11 AM To: 'NANOG Mailing List' Subject: RE: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Hi TR,
This looks like a very promising service to me as well.
Could you hit me off list with the pricing contact?
The pricing on http://www.spamhaustech.com/datafeed/pricecalculator.lasso is a little high ($9,223,372,036,854,780,000.00/yr).
:)
Thanks, Adam
-----Original Message----- From: TR Shaw [mailto:tshaw@oitc.com] Sent: Thursday, January 09, 2014 5:49 PM To: Bryan Socha Cc: NANOG Mailing List Subject: Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Replied off list.
On Jan 9, 2014, at 5:43 PM, Bryan Socha wrote:
I would also like that contact, I've been trying to get the same quote for feed only for months.
Thanks, Bryan
Probably not a bug, but par for their technical prowess. The SpamTeq website includes your account number and password in every URI. I'm not sure I'd trust a company that does something as terrible as that to practice good coding elsewhere and not cause major damage with their data feeds.
-richard
On Fri, Jan 10, 2014 at 6:15 AM, Eric Tykwinski <eric-list@truenet.com> wrote:
Looks like a bug, if you stick a 1 in total email users: Per Year: $504.00
-----Original Message----- From: Adam Greene [mailto:maillist@webjogger.net] Sent: Friday, January 10, 2014 9:11 AM To: 'NANOG Mailing List' Subject: RE: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Hi TR,
This looks like a very promising service to me as well.
Could you hit me off list with the pricing contact?
The pricing on http://www.spamhaustech.com/datafeed/pricecalculator.lasso is a little high ($9,223,372,036,854,780,000.00/yr).
:)
Thanks, Adam
-----Original Message----- From: TR Shaw [mailto:tshaw@oitc.com] Sent: Thursday, January 09, 2014 5:49 PM To: Bryan Socha Cc: NANOG Mailing List Subject: Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds
Replied off list.
On Jan 9, 2014, at 5:43 PM, Bryan Socha wrote:
I would also like that contact, I've been trying to get the same quote for feed only for months.
Thanks, Bryan
In article <030101cf0e0e$71088af0$5319a0d0$@truenet.com> you write:
Looks like a bug, if you stick a 1 in total email users: Per Year: $504.00
No, that's right.
If you're a tiny little network, you can use the public DNS servers for the BL lookups, and you can FTP the text version of DROP and turn it into firewall rules or whatever. That's what I do (hack perl scripts available on request.)
The BGP feed is intended for networks large enough to need BGP.
R's, John
On Thu, Jan 16, 2014 at 11:04 AM, John Levine <johnl@iecc.com> wrote:
If you're a tiny little network, you can use the public DNS servers for the BL lookups, and you can FTP the text version of DROP and turn it into firewall rules or whatever. That's what I do (hack perl scripts available on request.)
Here's a working Bash script to sync the freely available DROP/EDROP lists into a quagga/linux route server.
https://gist.github.com/dotysan/8463112
I ran that awhile back without issue. But not anymore. Last year I added the $250/yr BOTNETCC list which is BGP-only. And it was too convenient to move the DROP/EDROP lists into BGP for an additional $250. It works as advertised. The BOTNETCC list is only v4/32s and more dynamic than the other lists.
It's up to you to set it up correctly so an accident doesn't blackhole your own prefixes...or favorite offshore gambling site. :-p
../C
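Added example, not part of any message in this thread and not the gist or the perl scripts mentioned above: one way to turn the text version of DROP into null routes while guarding against the accident described in the last message, blackholing your own prefixes. It assumes the text list's layout of ";" comment lines followed by "prefix ; SBL reference" entries; the sample feed, the PROTECTED list and the MIN_PREFIXLEN threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample in the DROP text layout (";" comments, "prefix ; SBL ref").
# Prefixes are RFC 5737 documentation ranges and the SBL ids are placeholders.
SAMPLE_DROP = """\
; constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.0/24 ; SBL000003
0.0.0.0/0 ; SBL000004
not-a-prefix ; SBL000005
"""

# Assumptions for this example: prefixes you originate or must always reach,
# and the shortest prefix length you are willing to accept from a feed.
PROTECTED = ["198.51.100.0/24", "203.0.113.128/25"]
MIN_PREFIXLEN = 8


def parse_drop(text):
    """Yield (network, reference) per well-formed entry; skip comments and junk."""
    for raw in text.splitlines():
        entry, _, ref = raw.partition(";")
        try:
            yield ipaddress.ip_network(entry.strip(), strict=True), ref.strip()
        except ValueError:
            continue  # comment line (empty entry) or malformed prefix


def plan_blackholes(text, protected=PROTECTED, min_prefixlen=MIN_PREFIXLEN):
    """Return (accepted, refused): prefixes to null route and entries the guard blocked."""
    guard = [ipaddress.ip_network(p) for p in protected]
    accepted, refused = [], []
    for net, ref in parse_drop(text):
        clash = any(net.version == g.version and net.overlaps(g) for g in guard)
        if clash or net.prefixlen < min_prefixlen:
            refused.append((str(net), ref))  # log and investigate, never install
        else:
            accepted.append(str(net))
    return accepted, refused


def route_commands(accepted):
    """iproute2 commands that install each accepted prefix as a blackhole route."""
    return [f"ip route replace blackhole {prefix}" for prefix in accepted]


if __name__ == "__main__":
    ok, blocked = plan_blackholes(SAMPLE_DROP)
    print("\n".join(route_commands(ok)))
    for prefix, ref in blocked:
        print(f"# refused {prefix} ({ref}): overlaps protected space or too short")
```

The overlap test catches both directions: a listed prefix inside your space and a listed covering prefix that would swallow it.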
participants (9)
- Adam Greene
- Bryan Socha
- Curtis Doty
- Eric Tykwinski
- ISP Services
- John Levine
- Landon
- Richard Hesse
- TR Shaw