nanog mailing list archives
Re: SpamHaus Drop List
From: md () Linux IT (Marco d'Itri)
Date: Thu, 23 Aug 2007 19:11:26 +0200
On Aug 23, Paul Vixie <paul () vix com> wrote:
Does anyone use spamhaus drop list ? http://www.spamhaus.org/drop/index.lassoi do.
Me too, since a couple of years. I do not have any negative issues to report and I encourage everybody who cares about their customers to filter the routes listed in DROP.
I'm glad to listen opinions or experience.no false positives yet. mostly seems to drop inbound tcp/53.
I know that DROP blocks some name servers used by pharming gangs. E.g.: http://isc.sans.org/diary.html?storyid=1872 http://isc.sans.org/diary.html?storyid=997 A customer of mine found out that he was infected by this malware when he noticed that he could not resolve anymore his web sites hosted on my network. My authoritative name servers are protected by DROP and the recursive name servers configured by the malware (85.255.116.20 and others in that /20) were not able to reach them. -- ciao, Marco
Current thread:
- SpamHaus Drop List hjan (Aug 23)
- Re: SpamHaus Drop List Paul Vixie (Aug 23)
- Re: SpamHaus Drop List Marco d'Itri (Aug 23)
- Re: SpamHaus Drop List Sean Donelan (Aug 23)
- Re: SpamHaus Drop List Peter Dambier (Aug 23)
- Re: SpamHaus Drop List Al Iverson (Aug 23)
- Re: SpamHaus Drop List Paul Vixie (Aug 23)
- Re: SpamHaus Drop List Sean Donelan (Aug 23)
- Re: SpamHaus Drop List Paul Vixie (Aug 24)
- Re: SpamHaus Drop List Sean Donelan (Aug 24)
- Re: SpamHaus Drop List Paul Vixie (Aug 23)
- Re: SpamHaus Drop List Paul Vixie (Aug 23)
- Re: SpamHaus Drop List Steve Linford (Aug 24)