IP and Domain Reputation Checker
About Spamhaus  |  FAQs  |  News Blog   
Frequently Asked Questions (FAQ)
DNSBL Usage
General Questions
Glossary
Hacked... Here's help
ISP Spam Issues
Legal Questions
Marketing FAQs
Online Scams
Organization
ROKSO FAQ
Spamhaus BCL
Spamhaus CSS
Spamhaus DBL
Spamhaus HBL
Spamhaus PBL
Spamhaus SBL
Spamhaus XBL
Spamhaus DROP
 » BGPf FAQs
 » Datafeed FAQs



Spamhaus BCL


DEFINITION: "Botnet Controller List" (BCL)

What is the BCL?

BCL USAGE QUESTIONS

How do I use the BCL?
How often is the BCL updated?
How to obtain access to BCL?
Can the BCL block legitimate traffic?



DEFINITION: "Botnet Controller List" (BCL)


What is the BCL?
What is the Spamhaus Botnet Controller List (BCL)?

The BCL is a specialized subset of the Spamhaus Block List (SBL).
  • It is an advisory "drop all traffic" list consisting of single IPv4 addresses that are used by cybercriminals to control infected computers (bots).
  • BCL does not contain any subnets or CIDR prefixes larger than /32.
  • BCL listings are made according to policies outlined in BCL Listing Criteria.
What is the purpose of BCL?

The main purpose of BCL is to block malicious traffic at the network edge.
  • BCL can be used in several different types of devices, from firewalls to Intrusion detection systems (IDS/IPS) and many other security appliances.
  • BCL can also be used passively - for example, by checking the log files of web proxies, firewalls or any other security devices to detect botnet generated traffic in your network.



BCL USAGE QUESTIONS


How do I use the BCL?
In what formats is BCL offered?

BCL is available in different formats, such as a rule file for various Intrusion Detection Systems (IDS)/ Intrusion Prevention Systems (IPS). It is also available in a plain-text file, in CSV, as a Response Policy Zone (RPZ) and via the Spamhaus BGP Feed (BGPf).

Specific instructions for implementation will depend on what use case you have; such questions should be referred to the device documentation or vendor.

Is there a difference between the BCL and the BGPf?

The Spamhaus BGP feed (BGPf) is just a different delivery method for the BCL.


How often is the BCL updated?
BCL is updated in real time.

BCL listings in the past 30 days

Number of BCL listings in the past 30 days.


How to obtain access to BCL?
To find out more information regarding access to the BCL please complete the contact form on Spamhaus Technology's website.


Can the BCL block legitimate traffic?
The BCL's primary objective is to avoid 'false positives' while blocking as much malicious traffic as possible.
  • BCL false positives are extremely rare.
  • Since BCL is a subset of SBL, every BCL listing is based on an investigation by one of the Spamhaus SBL team members.
  • BCL does not contain any automated listings: all listings on BCL have been issued and reviewed by a human individual.


© 1998-2023 The Spamhaus Project SLU. All rights reserved.
Legal  |  Privacy