Border Gateway Protocol (BGP) Feeds deliver real-time threat intelligence, allowing you to block connections from malicious IP addresses at the network edge using your existing BGP routers or firewalls. This provides an additional layer of protection for your network without capital expenditure.

The feeds consist of Do Not Route or Peer (DROP), Botnet Controller List (BCL) and Extended Do Not Route or Peer (eDROP). These feeds are designed to have no false positives.

Configuring your BGP router to peer with the Spamhaus BGP router only takes minutes. After installing BCL and DROP in your router’s routing table, communications with botnet command and control (C&C) servers are stopped.

When used in conjunction with intrusion detection systems (IDS), e.g. Snort, the BCL identifies IP addresses of infected devices that are trying to contact botnet C&Cs, and blocks traffic to and from these devices.

DROP

Do Not Route or Peer

This lists the worst of the worst: networks entirely controlled by criminal organizations, which send zero legitimate traffic.

These networks are solely used for spamming, hosting malware-infected sites, distributing phishing email, hosting botnet command and control (C&C) servers, and launching DDoS attacks against other networks. DROP also contains a list of IP ranges that cybercriminals have leased from ISPs for the same purposes.

Any traffic from your network to a DROP-listed IP address is likely to be a user responding to a phishing email, or a device infected with botnet malware.

Additional details about our Border Gateway Protocol (BGP) service, which utilizes this feed, can be found on our BGP Product page.

BCL

Botnet Controller List

This dataset is specially designed for use with BGP routers and some firewalls. It is an advisory “drop all traffic” list consisting of single IPv4 addresses that are being used to host botnet command and control (C&C) servers to control infected computers (bots). Used on the network edge, it will prevent any infected devices on your network from communicating with a botnet C&C.

The BCL does not contain any subnets or CIDR prefixes larger than /32.

Additional details about our Border Gateway Protocol (BGP) service, which utilizes this feed, can be found on our BGP Product page.

eDROP

Extended Do Not Route or Peer

This dataset is an extension of the DROP list. It includes sub-allocated netblocks controlled by spammers or cybercriminals.

This list should be used in addition to the standard version.

Additional details about our Border Gateway Protocol (BGP) service, which utilizes this feed, can be found on our BGP Product page.
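The sketch below is an added example, not Spamhaus code. It shows how the three datasets can be checked against flow records to find internal devices talking to listed addresses, and it rejects any BCL entry that is not a /32. The feed entries and flows are constructed from documentation address ranges; the internal range 10.0.0.0/8 and all function names are assumptions.

```python
import ipaddress

# Constructed sample entries (RFC 5737 documentation ranges), not real feed data.
FEEDS = {
    "DROP": ["192.0.2.0/24"],
    "eDROP": ["198.51.100.128/25"],
    "BCL": ["203.0.113.7/32", "203.0.113.99/32"],
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow records: (source IP, destination IP).
FLOWS = [
    ("10.1.2.3", "192.0.2.55"),      # outbound to a DROP range
    ("10.1.2.3", "198.51.100.10"),   # same /24 as eDROP entry, but outside the /25
    ("10.4.4.4", "203.0.113.7"),     # outbound to a BCL address
    ("203.0.113.99", "10.4.4.4"),    # inbound from a BCL address
    ("10.5.5.5", "203.0.113.8"),     # neighbour of a BCL /32, not listed
    ("10.9.9.9", "198.51.100.200"),  # outbound to an eDROP range
]

def load_feed(name, entries):
    """Parse one feed; the BCL must contain single addresses (/32) only."""
    nets = [ipaddress.ip_network(e) for e in entries]
    if name == "BCL":
        wide = [str(n) for n in nets if n.prefixlen != 32]
        if wide:
            raise ValueError(f"BCL entries must be /32, got {wide}")
    return nets

def build_blocklist(feeds=FEEDS):
    return {name: load_feed(name, entries) for name, entries in feeds.items()}

def flag_flows(flows, blocklist, internal=INTERNAL):
    """Map each internal host to the listed remote addresses it exchanged traffic with."""
    hits = {}
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in internal:
            host, remote = s, d      # traffic to a listed address
        elif d in internal:
            host, remote = d, s      # traffic from a listed address
        else:
            continue
        for feed, nets in blocklist.items():
            if any(remote in n for n in nets):
                hits.setdefault(str(host), set()).add((str(remote), feed))
    return {h: sorted(v) for h, v in hits.items()}
```

Hosts returned by `flag_flows` are the ones to investigate for phishing responses or botnet infection, as described in the DROP and BCL sections above.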