Howdy! Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your experience been? Is it worthwhile? Has it helped? On / off list responses are appreciated in advance.

Thank You,
Mike

--
Mike Lyon 408-621-4826 mike.lyon@gmail.com http://www.linkedin.com/in/mlyon
On May 17, Mike Lyon <mike.lyon@gmail.com> wrote:
Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your experience been? Is it worthwhile? Has it helped? On / off list responses are appreciated in advance.

We use Spamhaus DROP (not the BGP version: our software asks a human to review each change). The benefits are not obvious since we do not have access customers, but it will blackhole some networks you obviously do not want to talk to, and it has not caused any troubles either.
-- ciao, Marco
How many false positives (i.e. blackholing traffic users want to reach)?

On 18.05.15 21:04, Marco d'Itri wrote:
On May 17, Mike Lyon <mike.lyon@gmail.com> wrote:
Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your experience been? Is it worthwhile? Has it helped? On / off list responses are appreciated in advance.

We use Spamhaus DROP (not the BGP version: our software asks a human to review each change). The benefits are not obvious since we do not have access customers, but it will blackhole some networks you obviously do not want to talk to, and it has not caused any troubles either.
In article <555B8313.5080400@netassist.ua> you write:
How many false positives (i.e. blackholing traffic users want to reach)?
Very little. The DROP list, which is what's in the BGP feed, is a small subset of the SBL, and only includes blocks that send no legitimate traffic at all.
At dnswl.org we check our data against the DROP list every once in a while. The overlap of DROP with legitimate sources of SMTP traffic is very, very small: a low single-digit number, and most of them are crappy to start with (so we don't publish them, but only keep them in our database for reference purposes).

— Matthias
On 19.05.2015 at 20:38, Max Tulyev <maxtul@netassist.ua> wrote:
How many false positives (i.e. blackholing traffic users want to reach)?
On Sun, May 17, 2015 at 7:50 AM, Mike Lyon <mike.lyon@gmail.com> wrote:
Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your experience been? Is it worthwhile? Has it helped? On / off list responses are appreciated in advance.
We've been using the BGP feed for a little over a year now. We had some problems with malware-infected end user PCs causing upstream congestion resulting in "slow internet" complaints. The Spamhaus feed definitely helped a little with our problem but it's not the magic super tool to completely stop malware in your network. On the other hand there was no complaint due to a false positive (a couple of years ago we had one complaint due to a false positive on the EDROP list).

Best Regards,
Frederik Kriewitz
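The two defensive checks described in this thread, Marco's review-before-apply workflow (diff each new DROP snapshot and hand the changes to a human before they become blackhole routes) and the overlap check Matthias runs at dnswl.org (which of our own known-good mail sources fall inside a DROP prefix), as an added Python example that is not code from any poster. The snapshots and SBL ids are constructed, and the "prefix ; SBLnnn" line layout is assumed to mirror the DROP text format.

```python
import ipaddress

# Constructed sample snapshots (assumption: the layout mirrors the DROP text
# format; prefixes are documentation ranges and the SBL ids are made up).
# Spamhaus publishes v4 and v6 lists separately; the sample merges them.
DROP_OLD = """\
; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/22 ; SBL000002
"""

DROP_NEW = """\
; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
203.0.113.0/24 ; SBL000003
2001:db8::/32 ; SBL000004
"""


def parse_drop(text):
    """Return {network: sbl_id} from DROP-style text, ignoring ';' comments."""
    entries = {}
    for line in text.splitlines():
        body, _, comment = line.partition(";")
        body = body.strip()
        if not body:
            continue  # blank line or pure comment
        net = ipaddress.ip_network(body, strict=False)
        entries[net] = comment.strip() or None
    return entries


def diff_drop(old, new):
    """Prefixes added/removed between two snapshots, sorted v4-then-v6.
    This is the change set a human reviews before it is blackholed."""
    key = lambda n: (n.version, n)
    added = sorted(set(new) - set(old), key=key)
    removed = sorted(set(old) - set(new), key=key)
    return added, removed


def overlap(entries, hosts):
    """Map each of our own hosts (e.g. known-good SMTP sources) that lies
    inside a DROP prefix to (prefix, sbl_id); hosts not covered are omitted."""
    hits = {}
    for host in hosts:
        addr = ipaddress.ip_address(host)
        for net, sbl in entries.items():
            if addr.version == net.version and addr in net:
                hits[host] = (net, sbl)
                break
    return hits
```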