Spamhaus

The Spamhaus BGP Feed Service


Stop Traffic from Bots and Malware!

The Spamhaus BGP feed service (BGPf) delivers accurate and actionable threat data directly into your edge routers. The BGPf includes three lists as a single BGP feed:

  • Botnet Command and Control List (BCL)
  • Do Not Route or Peer (DROP) List
  • Extended DROP (EDROP) List

Your network administrator configures the router at your Internet gateway to peer with the Spamhaus BGPf router, loading the feed into your router's DENY table. Your router then rejects all network traffic to or from IPs on the BGPf, blocking malicious activity at your network's edge.

Why Use the BGPf?

The BGPf provides near real-time intelligence on locations of botnet controllers and bots on the Internet. It contains several Spamhaus lists of IPs and networks that host bots or are otherwise infected with malware.

When installed in a router's DENY table, the BGPf prevents any communication between that router and the IPs on the lists. If installed on all routers on a network, it blocks communication between botnet controllers and any bots on that network. Botnet operators are therefore unable to contact any bots on the network, which prevents them from receiving stolen information that can be used in identity theft, or giving instructions to those bots to spam or help the botnet operator to commit other crimes.

While no single source of data provides 100% protection against bots and malware, the Spamhaus Project's data sources are the best and most complete available. The BGPf is a critical part of an in-depth, multilayered defense strategy.


Key Features

The BGPf consists of the following Spamhaus lists:

  • Botnet Controller List (BCL). IPs belonging to servers that host botnet command and control (C&C) nodes. Blocking connections to C&C nodes prevents botnets from contacting infected computers (bots). A bot that cannot communicate with a C&C node cannot send stolen information to the botnet owners, and cannot receive new instructions. While the infection is still present, the bot is rendered harmless.
  • Do Not Route or Peer (DROP) list. Networks (/24 or larger) that are solely owned and operated by cybercriminals. These networks send malware, host malicious content, and engage in many types of criminal activity. Such networks do not engage in legitimate activities. If connections from these networks to your users are blocked, they cannot communicate with your users or attempt to hack your servers. If connections to these networks from users on your network are blocked, a careless click on a dangerous web link cannot cause a user's computer or mobile device to become infected or that user's private information to be stolen.
  • Extended DROP (EDROP) list. Subnets (/24 or larger) that are solely owned and operated by cybercriminals. These subnets function exactly like the networks on the DROP list, and blocking connections to and from them has the same benefits.

The BGPf combines these lists into a single BGP feed. Setup only minutes: configure your router to peer with the BGPf router, add a null route, and you're set. Your network becomes a no-go zone for bots and poisonous IPs.


Benefits

Delivers advanced threat intelligence directly into your router’s deny tables by peering with the Spamhaus BGPf router.

  • Stops malicious activity at your network's edge.
  • Blocks network traffic to and from known botnet C&Cs, bad networks, and IPs that engage in malicious activity.
  • Quickly blocks the majority of IPs that are actively engaged in the worst types of criminal activity online.
  • Blocks IPs controlled by malware and bots.

  • Prevents communication by infected computers and mobile devices on your network.

Today's Internet is complex, fast-moving, fascinating and unfortunately also dangerous to unwary users. Malicious activity abounds. A newly- discovered vulnerability in a widely-used operating system, a vulnerability in the software that runs your website or blog, an unwary user who clicks on a link in a banner advertisement on a website or in unsolicited bulk (spam) email, or a phone call from somebody who claims to be calling from a user's bank and asks for a login and password to “verify security”, is all it usually takes. Individual victims can and often do face thousands of dollars in costs and months or years of work to clean their records. Companies can face millions of dollars in cleanup costs.

Underneath the surface, many of these threats rely upon malware- infected computers (bots) that are linked together, forming a network (botnet). Other threats rely upon other types of malware infections. Cybercriminals use botnets and other malware-infected computers to mask their real locations when hacking, send high volumes of malware- infected spam emails, host websites that attempt to infect any computer or device that connects to them, and receive stolen login credentials and other information that allows them to empty bank accounts and commit identity theft.

Fortunately, botnets rely upon their ability to communicate with each other over the Internet to do their work. Block connections to and from bots and other malware-infected computers, and you greatly reduce or outright eliminate the harm that they can do.


What Customers are Saying

“The Spamhaus BGPf is an excellent service, allowing us to mitigate cyber threats and to block malicious traffic in both directions. It enables us to identify and clean infected computers within our internal network quickly, and to prevent cyber criminals from stealing sensitive data from our internal network using Trojan horses. It helps us to ensure the confidentiality and integrity of our network and the services we provide."

—IT Security representative, Schibsted IT

“Very simple BGP configuration and adding a null route is all that was needed - impact on the router was minimal and was a simple setup. All in all I highly recommend this service to any enterprise that has control over their external routers and need to take a multi layered security approach. The results speak for itself and the cost is so much lower than most other similar solutions we have researched.”

—CSO, Data2Logistics


Please contact us – to learn more about the BGPf service, and for quick answers to any questions that you might have, please contact support@securityzones.net.

If you are interested in additional information on the following questions, let us know and we will be happy to provide it:

  • How accurate is the data in the BGPf?
  • How to measure the BGPf's effectiveness.