Product Details

How does Border Gateway Protocol (BGP) Firewall work?

You can apply threat intelligence feeds to any router or modern-day firewalls like CISCO, Sophos, or Fortinet.

These feeds are lists of IP addresses that effectively stop malicious traffic from compromised devices within your network perimeter communicating with external botnet C&C servers. This includes malware families that act as Initial Access Brokers, including Emotet and Quakbot.

Blocking this traffic at the network level prevents spam campaigns, loss of data, and encryption. Read The Beginner’s Guide to BGP to better understand how these feeds work.

Who can use BGP Feeds?

Network engineers, security operations centers [SOCs], and anyone who manages their network edge routers or firewalls. Even if you don’t own an ASN, we support the use of private ASNs to establish sessions with our BGP Feeds.

How to integrate BGP Feeds

It takes just a few minutes to configure your edge router or firewall to peer with a Spamhaus BGP router.

After peering with the four communities, DROP, EDROP, Botnet Controller List (BCL) – Compromised and Dedicated, communications with botnet C&Cs are blocked.

This prevents infected computers within your network from receiving instructions and malware updates. Both available Botnet Controller Lists disrupt communications with the C&C servers, neutralizing botnet nodes within your network and stopping sensitive data egress, even though the devices have not yet had the malware removed.


Based on network size, starting from $2,500 per annum.