Blocked?See Live ThreatsCommunity
Customer Portal Login
Spamhaus Technology and abuse.ch Logo
Solutions
Data
Email & Network
Cyber Threat Intelligence
Resources
About

Frequently
Asked
Questions

Frequently asked questions about our solutions and data. If you can’t find what you’re looking for, get in touch below - we’re happy to help.

Categories

abuse.ch
Border Gateway Protocol (BGP)Botnet C2 IPsBotnet Controller ListData Query ServiceDNS BlocklistsDNS FirewallDo Not Route or Peer (DROP)General account questionsGeneral terminologyHighly malicious networksListing removalsPassive DNSReputation PortalResponse Policy Zones (RPZ)Sharing data with SpamhausSpamhaus Intelligence APISpamhaus Intelligence API - Developer License

FAQs | Border Gateway Protocol

Border Gateway Protocol (BGP)

  • Am I allowed to redistribute BGP datasets?

    No. If you adopt the BGP datasets or the Botnet C2 IP dataset (Botnet Controller List) in your network, you are not allowed to redistribute the data to other networks. The export of these datasets/prefixes to other networks is prohibited. Please see our subscription Terms & Conditions provided upon signing up for the service and creating an account.

  • How does BGP Firewall work?

    Users peer their router or firewall with our BGP Firewall data, which contains a real-time list of malicious IP addresses. If the IP is on this list the connection is automatically dropped.

    This immediately stops malicious traffic, both ways; it blocks infected devices within your network perimeter communicating with external botnet C2s, preventing activity such as beaconing or sending reconnaissance data. Additionally, it prevents the same C2s issuing commands, for example, data exfiltration or stopping them from acting as Initial Access Brokers - which enable further malicious activity.

    Read The Beginner’s Guide to BGP to better understand how the data works.

  • How to integrate Border Gateway Protocol (BGP) datasets

    There are three available communities to peer to:

    • Highly malicious networks (DROP)*,
    • Botnet C2 IPs - Compromised and Dedicated (Botnet Controller List),

    It takes just a few minutes to configure your edge router or firewall to peer with a Spamhaus BGP router.

    After peering with the communities, communications to and from botnet C&Cs are blocked. This immediately prevents infected computers within your network from receiving instructions and malware updates.

    Both available Botnet C2 IP communities disrupt communications with the C&C servers, neutralizing botnet nodes within your network and stopping sensitive data egress, even though the devices have not yet had the malware removed.

    *Highly malicious networks (DROP) data through BGP: the protection given is 100% effective only when the device using our BGP data is not also in use for full-route Internet BGP.

  • I don't have router equipment, can I still use BGP Firewall?

    BGP datasets are designed to serve null advisories to ISPs or network providers using BGP, which is implemented on the router level. However, Spamhaus also offers the DROP list as a text file which can be implemented using nearly any kind of device or software (eg. network gateways, firewalls, web proxies etc).

    Please see here for additional information on how to download and use the DROP plain text files.

  • Who can use BGP Firewall?

    Anyone or any network that has the ability to block or filter IP address ranges on their network by using router equipment can use BGP datasets.

    Suitable users include Network engineers, Security Operations Center (SOC) Analysts, and anyone who manages their network edge routers or firewalls.

  • Who should use BGP datasets?

    Anyone or any network that has the ability to block or filter IP address ranges on their network by using router equipment can use BGP datasets.

Need Help?
Get in touch

0

Spamhaus is committed to protecting and respecting your privacy. We’ll only use your personal information to respond to your enquiry, manage any accounts you may set-up, and to provide the products and services you request from us. From time to time, we would like to contact you about our products and services, as well as other security related content that may be of interest to you. If you consent to us contacting you for this purpose, please tick the box below.

You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow Spamhaus to store and process the personal information submitted above to provide you the content requested.

I agree to receive other communications from Spamhaus.

Spamhaus | abuse.ch Logo

Solutions

Email & NetworkEmail ProtectionEmail ComplianceDNS ProtectionEdge ProtectionCyber Threat IntelligenceThreat Intelligence EnrichmentThreat HuntingAll Solutions

Data

Malware IntelligencePhishingSpamInsight & ClassificationHistorical ContextAll Data

Email & Network

About Email & NetworkEmail ProtectionEmail ComplianceDNS ProtectionEdge Protection

Cyber Threat Intelligence

About Cyber Threat IntelligenceThreat Intelligence EnrichmentThreat Hunting

Resources

Resource CenterEventsCommunityMalware DigestBotnet Threat MapCompromised IP StatisticsFAQsStatus Page

About Us

About SpamhausSpamhaus-abuse.ch Alliance
Spamhaus | abuse.ch Logo
XLinkedInYouTube
Privacy PolicyCookie PolicyTerms and Conditions
Uicons by Flaticon