
Border Gateway Protocol (BGP)

Block the worst-of-the-worst at your network perimeter, taking advantage of your existing BGP-capable appliances, including routers and modern firewalls. Our data available via BGP Firewall carries minimal risk of blocking legitimate traffic, given its high certainty of maliciousness.

Low false positives

Only known and verified malicious dedicated and compromised hosts enter our botnet C2 IPs dataset.

Existing router protection

Enhance appliances within your current infrastructure with industry-leading threat data, increasing the value you get from existing hardware.

Reduced attack surface

Stop threats at the network edge, before they touch your broader network infrastructure.

Spamhaus’ BGP Firewall

Access to our data is provided by Spamhaus’ BGP Firewall service. Using our threat intelligence data via your existing firewall or router, you can automatically drop connections to and from the worst of the worst IP addresses, including netblocks "hijacked" or leased by professional spam or cyber-crime operations, and IP addresses hosting botnet command and control (C2) servers.

Why are there two different names for the data?

Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.

Datasets Included

Botnet C2 IPs

(Botnet Controller List - BCL)

Botnet command and controller (C2) servers. The status of these single IPv4 addresses is re-evaluated several times a day to identify active botnet controllers only. Utilize for protection or threat intelligence requirements.

Highly Malicious Networks

(Don't Route Or Peer - DROP)

Use case for BGP

For Edge Protection

Use Spamhaus BGP Firewall to secure your network edge with real-time protection against malicious IPs. Deploy threat intelligence data at the routing level using BGP, and automatically block communications to and from IPs involved in the most dangerous cybercrimes, before they take hold.

Strengthen your perimeter security and build lasting resilience, creating a safer, more secure network.

Reduce resource overheads

Eliminate the need to remediate core servers, critical applications, and user machines by stopping threats at the first point of entry, minimizing the attack surface.

Prevent data loss and ransomware incidents

Block infected devices within your network from communicating with botnet C2s, stopping data exfiltration and malware progression.

Faster containment

When a high-certainty malicious connection is detected, the router can automatically drop the connection without human intervention - it’s automated edge protection.

Getting started

  • How to start a free 30-day trial

    Simply complete the form and submit. No credit card or payment details are required for the free trial.

    What happens next?

    Once you’ve completed the form to trial the Border Gateway Protocol Firewall, one of our team will be in touch to get you set up with access.

    Need help?

    If you have any questions, please add them to the comments on the sign up form. Once you gain access to the data, technical support is available via our Customer Portal.

    How can I purchase the data?

    During your free trial, you can request a quote in the Customer Portal to get the subscription cost based on your setup. You can also enable trials of additional datasets via the Customer Portal.

  • System requirements

    You can apply our data to any router or modern-day firewall, such as Cisco, Sophos, or Fortinet. Setup is straightforward and uses your existing infrastructure.

    To use the data via our BGP Firewall service, you’ll need to manage your own network edge routers or firewalls. Even if you don’t own an ASN, we support the use of private ASNs to establish sessions with our BGP Feeds.

  • Technical documentation

    Full setup details for accessing the data via the BGP Firewall Service are available in the customer portal once you start a free trial.

  • How to optimize your network protection with DNS RPZ

    BGP Firewall stops malicious traffic at the router level by blocking bad IP addresses. This is essential for threats that never use domain names, such as certain botnet command-and-control (C&C) servers.

    But many attackers do rely on domain names for their C&C traffic. When one server is taken down, they can quickly switch to a new host and simply point their domain to a new IP address.

    This is where DNS Response Policy Zones add an extra layer of defense. Blocking malicious domains before connections are made can stop botnet C&C activity as well as phishing, malware, adware, and cryptomining domains.

    By combining BGP Firewall and DNS RPZs, you can block threats whether they rely on IPs or domains, for more efficient network protection - learn more about DNS RPZs.

  • Pricing

    Pricing for Spamhaus BGP Firewall is based on network size, with final costs provided after the trial. Alternatively please contact our sales team.

Ready to start your free trial?

Get a free 30-day trial of Border Gateway Protocol Firewall. No credit card details required.

Frequently Asked Questions

  • Who can use BGP Firewall?

    Anyone or any network that has the ability to block or filter IP address ranges on their network by using router equipment can use BGP datasets.

    Suitable users include network engineers, Security Operations Center (SOC) analysts, and anyone who manages their network edge routers or firewalls.

  • How does BGP Firewall work?

    Users peer their router or firewall with our BGP Firewall data, which contains a real-time list of malicious IP addresses. If the IP is on this list the connection is automatically dropped.

    This immediately stops malicious traffic in both directions: it blocks infected devices within your network perimeter from communicating with external botnet C2s, preventing activity such as beaconing or sending reconnaissance data. Additionally, it prevents those same C2s from issuing commands (for example, to exfiltrate data) and from acting as Initial Access Brokers, which enable further malicious activity.

    Read The Beginner’s Guide to BGP to better understand how the data works.

  • How to integrate Border Gateway Protocol (BGP) datasets

    There are three available communities to peer with:

    • Highly malicious networks (DROP)*
    • Botnet C2 IPs - Compromised and Dedicated (Botnet Controller List)

    It takes just a few minutes to configure your edge router or firewall to peer with a Spamhaus BGP router.

    After peering with the communities, communications to and from botnet C&Cs are blocked. This immediately prevents infected computers within your network from receiving instructions and malware updates.

    Both available Botnet C2 IP communities disrupt communications with the C&C servers, neutralizing botnet nodes within your network and stopping sensitive data egress, even though the devices have not yet had the malware removed.

    *Highly malicious networks (DROP) data through BGP: the protection given is 100% effective only when the device using our BGP data is not also in use for full-route Internet BGP.
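    As an added illustration (not Spamhaus' documentation or configuration), this is how the peering described in "How does BGP Firewall work?" and "How to integrate" above could look on a Cisco IOS-style edge router. The peer address 192.0.2.1, its AS 65000, our private AS 64512, the discard next-hop 192.0.2.254, the password and the prefix limit are placeholders; the real values are supplied in the customer portal.

```cisco
! Added example of a BGP Firewall-style peering; placeholders, not Spamhaus values.
! Caveat from the footnote above: if this router also carries a full Internet table,
! a more-specific prefix from a transit peer wins over a covering DROP netblock.

! 1. A "black hole" next-hop: every prefix learned from the feed is pointed here,
!    so packets destined to a listed IP are discarded at the edge.
ip route 192.0.2.254 255.255.255.255 Null0

! 2. Inbound policy: accept whatever the feed advertises, rewrite the next-hop to
!    the black hole, and prefer it over any other copy of the same prefix.
!    no-export keeps the routes inside our own AS (redistribution is prohibited).
ip prefix-list FEED-ANY seq 5 permit 0.0.0.0/0 le 32
route-map SPAMHAUS-IN permit 10
 match ip address prefix-list FEED-ANY
 set ip next-hop 192.0.2.254
 set local-preference 500
 set community no-export additive

! 3. Outbound policy: advertise nothing to the feed.
ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32

router bgp 64512
 bgp log-neighbor-changes
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 description Spamhaus BGP Firewall feed (placeholder address)
 neighbor 192.0.2.1 ebgp-multihop 255
 neighbor 192.0.2.1 password MD5-SECRET-PLACEHOLDER
 address-family ipv4 unicast
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 route-map SPAMHAUS-IN in
  neighbor 192.0.2.1 prefix-list DENY-ALL out
  ! Guard against a runaway feed filling the routing table (placeholder limit).
  neighbor 192.0.2.1 maximum-prefix 150000 90 warning-only
 exit-address-family

! 4. The Null0 route alone only drops traffic *to* listed IPs. Loose-mode uRPF on
!    the Internet-facing interface also drops packets *from* them, because their
!    source address resolves to the Null0 route. That gives the "both ways" blocking.
interface GigabitEthernet0/0
 description Internet uplink (placeholder)
 ip verify unicast source reachable-via any
```

    After the session comes up, "show ip bgp neighbors 192.0.2.1 received-routes" and "show ip route 192.0.2.254" confirm that feed prefixes are installed and resolve to Null0.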

  • Am I allowed to redistribute BGP datasets?

    No. If you adopt the BGP datasets or the Botnet C2 IP dataset (Botnet Controller List) in your network, you are not allowed to redistribute the data to other networks. The export of these datasets/prefixes to other networks is prohibited. Please see our subscription Terms & Conditions provided upon signing up for the service and creating an account.

  • I don't have router equipment, can I still use BGP Firewall?

    BGP datasets are designed to serve null-route advisories to ISPs or network providers using BGP, which is implemented at the router level. However, Spamhaus also offers the DROP list as a text file which can be implemented using nearly any kind of device or software (e.g. network gateways, firewalls, web proxies etc.).

    Please see here for additional information on how to download and use the DROP plain text files.
