Border Gateway Protocol (BGP) Feeds deliver real time threat intelligence, allowing you to block connections from malicious IP addresses at the network edge, utilizing your existing BGP routers. This provides an additional layer of protection for your network without capital expenditure.

The feeds consist of Do Not Route or Peer (DROP), Botnet Controller List (BCL) and Extended Do Not Route or Peer (eDROP). These feeds are designed to have no false positives.

Configuring your BGP router to peer with the Spamhaus BGP router only takes minutes. After installing BCL and DROP in your router’s routing table, communications with botnet command & controllers (C&C) are stopped.

When used in conjunction with intrusion detection systems (IDS), e.g. Snort, the BCL identifies IP addresses of infected devices that are trying to contact botnet C&Cs, and blocks traffic to and from these devices.

DROP

Do Not Route or Peer

This lists the worst of the worst; networks entirely controlled by criminal organizations, which send zero legitimate traffic.

These networks are solely used for spamming, hosting malware-infected sites, distributing phishing email, hosting botnet command and control (C&C) servers, and launching DDoS attacks against other networks. DROP also contains a list of IP ranges that cybercriminals have leased from ISPs for the same purposes.

Any traffic from your network to a DROP listed IP address is likely to be a user responding to a phishing email, or a device infected with botnet malware.

Addtional details about our Border Gateway Protocol (BGP) service, which utilizes this feed, can be found on our BGP Product page.

BCL

Botnet Controller List

A specialized subset of the Spamhaus Block List (SBL) especially designed to be used with BGP Routers. It is an advisory “drop all traffic” list consisting of single IPv4 addresses, wholly under control of cybercriminals and used to control infected computers (bots).

The BCL does not contain any subnets or CIDR prefixes larger than /32.

Addtional details about our Border Gateway Protocol (BGP) service, which utilizes this feed, can be found on our BGP Product page.

eDROP

Extended Do Not Route Or Peer

This dataset is an extension of the DROP list. It includes sub-allocated netblocks controlled by spammers or cybercriminals.

This list should be used in addition to the standard version.

Addtional details about our Border Gateway Protocol (BGP) service, which utilizes this feed, can be found on our BGP Product page.