Blocklist Removal Center
About Spamhaus  |  FAQs  |  News Blog   
Frequently Asked Questions (FAQ)
BGPf FAQ
Datafeed FAQ
DNSBL Usage
DROP FAQ
Generic Questions
Glossary
ISP Spam Issues
Legal Questions
Marketing FAQs
Online Scams
Organization
ROKSO FAQ
Spamhaus BCL
Spamhaus CSS
Spamhaus DBL
Spamhaus PBL
Spamhaus SBL
Spamhaus XBL



BGPf FAQ

What is BGPf?
What is BCL?
Who should use BGPf?
How to obtain access to Spamhaus BGP feed (BGPf)?
Am I allowed to redistribute DROP and/or EDROP?
Am I allowed to redistribute BGPf?
I don't have router equipment, can I still use BGPf?


What is BGPf?

Spamhaus offers a BGP (Border Gateway Protocol) feed of three of its blocklists; the Botnet Controller List (BCL), the DROP List, and the extended DROP List (EDROP). These lists can be loaded into routers by peering with Spamhaus BGP feed (BGPf) using the BGP protocol. This allows your router equipment to block packets originating from IP addresses involved in certain types of malicious activity.



What is BCL?
The Spamhaus Botnet Controller List ("BCL") is an advisory "drop all traffic" list consisting of single IPv4 addresses. The feed does not contain any subnets or CIDR prefixes longer than /32.

The servers on these IP addresses host botnet Command and Control nodes. Botnet C&C nodes are servers that control the individual malware-infected computers (bots) that together form a botnet. Bots regularly contact botnet C&C nodes so that the malware on the bots can transfer stolen data to the C&C node for delivery to the botnet's owner, and to obtain instructions for what they are to do next. Once a botnet contacts a C&C node, it receives instructions to send spam, host spammed web sites, attack other hosts on the internet, and provide name service (DNS) for the domains used in those attacks.


Who should use BGPf?
Anyone or anyplace that has the ability to block or filter IP address ranges on their network by using router equipment (e.g. Internet Service Providers).

Most of the other Spamhaus data-sets (SBL, XBL, PBL) are designed for SMTP connection time filtering. The BGP feed (BGPf) is small in comparison and is not a replacement. It can be used to further secure ones network from those attempting to attack it or harm ones users.


How to obtain access to Spamhaus BGP feed (BGPf)?
You can get access to Spamhaus BGP feed (BGPf) for an annual fee. Please visit SpamTEQe to get to the application form.


Am I allowed to redistribute DROP and/or EDROP?
Yes. If you do wish to redistribute one of the plain text feeds (DROP and/or EDROP) please ensure that you name Spamhaus as source of the data (for example, include the copyright statement at the top of the text file).

Redistributing/exporting of the BGPf version is not allowed.



Am I allowed to redistribute BGPf?
No. If you adopt the BGPf version of one of these lists or the botnet C&C list in your network, you are not allowed to redistribute the feed to other networks. The export of these feeds/prefixes to other networks is prohibited.


I don't have router equipment, can I still use BGPf?
BGPf is designed to serve null advisories to ISPs or network providers using BGP which is implemented on the router level. However, Spamhaus also offers DROP list and extended DROP list (EDROP) in plain text format which can be used to implement them on nearly any kind of device or software (eg. Network gateways, Firewalls, Web-proxies etc). The plain text feeds are available for free HERE.

The Spamhaus Botnet Controller List (BCL) is available in different formats as well, such as for IDS / IPS and RPZ. More information about BCL can be found on the BCL page.


© 1998-2017 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy