The internet is complex, fast-moving, fascinating, and unfortunately, sometimes dangerous to unwary users. One vulnerability in a widely used operating system, in the software that runs your website or blog, or even in an ad can cause damage that costs a lot of money and years of work to repair. Companies can face millions of dollars in cleanup costs.
Underneath the surface, many of these threats rely upon malware-infected computers (bots) that are linked together to form a network (botnet); others rely upon different types of malware infections. Cybercriminals use botnets and other malware-infected computers to mask their real locations when hacking, to send high volumes of malware-infected spam emails, and to host websites that attempt to infect any computer or device that connects to them. Through this criminal cyberactivity, they receive stolen login credentials and other information that allows them to empty bank accounts and commit identity theft.
Botnets rely upon their ability to communicate with each other over the internet to do their work. By blocking connections to and from bots and other malware-infected computers, you greatly reduce or outright eliminate the harm that they can do.
Spamhaus BGP Feed
Stop traffic from bots and malware before they’re even an issue with the Spamhaus BGP feed service (BGPf). The BGPf delivers accurate and actionable cyber threat data directly into your edge routers and includes three lists as a single BGP feed:
- Botnet Command and Control List (BCL)
- Do Not Route or Peer (DROP) List
- Extended DROP (EDROP) List
Your router at the internet gateway is configured to peer with the Spamhaus BGPf router, loading the feed into your router’s DENY table. Your router is then able to reject all network traffic to and from IPs listed on the BGPf, blocking malicious activity at your network’s edge.
Why Use the BGPf?
The BGPf provides near real-time intelligence on the locations of botnet controllers and bots on the internet. It contains several Spamhaus IP blocklists and networks that host bots or are otherwise infected with malware.
When installed in a router’s DENY table, the BGPf prevents any communication between that router and the IPs on the lists. If installed on all routers on a network, it blocks communication between botnet controllers and any bots on that network. Botnet operators are, therefore, unable to contact any bots on the network, which prevents them from receiving stolen information that can be used to steal identities, give instructions to those bots, or help the botnet commit other cybercrimes.
While no single source of data provides 100% protection against bots and malware, the Spamhaus data sources are the best and most complete available. The BGPf is a critical part of an in-depth, multilayered defense strategy.
- Botnet Controller List (BCL): This list includes IP addresses that belong to servers that host botnet command and control (C&C) nodes. Blocking connections to C&C nodes prevents botnets from contacting infected computers (bots). A bot that cannot communicate with a C&C node cannot send stolen information to the botnet owners and cannot receive new instructions. While the infection is still present, the bot is rendered harmless, mitigating the potential damage.
- Do Not Route or Peer (DROP) List: This list includes networks (/24 or larger) that are solely owned and operated by cybercriminals; such networks do not engage in legitimate activities. These networks send malware, host malicious content, and engage in many types of criminal activities. When connections from these networks to your users are blocked, they cannot communicate with your users or attempt to hack your servers. Thanks to that blockage, a careless click on a dangerous web link will not cause a user’s computer or mobile device to become infected and that user’s private information to be stolen.
- Extended DROP (EDROP) List: This list includes subnets (/24 or larger) that are solely owned and operated by cybercriminals. These subnets function exactly like the networks on the DROP list, and blocking connections to and from them has the same benefits.
The BGPf combines these three lists into a single BGP feed that can be set up in just minutes. Configure your router to peer with the BGPf router, add a null route, and you’re set. Your network becomes a no-go zone for bots and malicious IPs.
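The setup described above (peer with the feed router, point the learned prefixes at a null route) is easiest to reason about as a small model. The Python below is an added illustration, not Spamhaus or SecurityZONES code: it builds a DENY table from constructed BGP announcements and withdrawals using RFC 5737 and RFC 3849 documentation addresses, then classifies constructed flows at the edge. The null next-hop address is an assumption, and the "from" direction is modelled as a reverse-path (uRPF) check against the same table, which is how a null route is commonly made to drop inbound traffic as well as outbound; the page itself only says traffic is rejected in both directions. The withdrawal step shows why a live feed beats a static blocklist: when the peer withdraws a prefix, the block is lifted automatically.

```python
"""Model of a BGP-fed DENY table that blocks traffic to and from listed prefixes.

Added example, not the product's own code. All prefixes, flows and the
null next-hop below are constructed from documentation ranges.
"""
import ipaddress
from dataclasses import dataclass, field

# Assumption: a host route for this address points at the router's null interface,
# so any prefix whose next hop is this address is discarded.
NULL_NEXT_HOP = "192.0.2.1"


@dataclass
class DenyTable:
    """Prefixes learned from the feed peer, each resolving to the null next hop."""
    routes: dict = field(default_factory=dict)

    def apply_update(self, msg: dict) -> None:
        """Apply one BGP UPDATE: 'announce' installs a null route, 'withdraw' removes it.
        A withdrawal must really remove the entry, or stale prefixes keep blocking."""
        net = ipaddress.ip_network(msg["prefix"], strict=False)
        if msg["action"] == "announce":
            self.routes[net] = NULL_NEXT_HOP
        elif msg["action"] == "withdraw":
            self.routes.pop(net, None)
        else:
            raise ValueError(f"unknown BGP action {msg['action']!r}")

    def match(self, addr: str):
        """Longest-prefix match over the DENY table, as a router's FIB would do."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net in self.routes:
            if net.version != ip.version or ip not in net:
                continue
            if best is None or net.prefixlen > best.prefixlen:
                best = net
        return best

    def classify_flow(self, src: str, dst: str) -> str:
        """Decide what the edge router does with one packet.
        - destination listed: the null route discards it (outbound to a listed IP)
        - source listed: the reverse-path check resolves the source to Null0 and drops it
        - otherwise: forwarded normally"""
        if self.match(dst) is not None:
            return "drop-null-route"
        if self.match(src) is not None:
            return "drop-urpf"
        return "forward"


# Constructed BGP UPDATE messages as they might arrive from the feed peer.
FEED_UPDATES = [
    {"action": "announce", "prefix": "203.0.113.0/24"},     # DROP-style criminal network
    {"action": "announce", "prefix": "198.51.100.77/32"},   # BCL-style C&C host
    {"action": "announce", "prefix": "2001:db8:bad::/48"},  # listed IPv6 range
]

# Constructed (src, dst) pairs crossing the edge router.
SAMPLE_FLOWS = [
    ("10.0.0.5", "198.51.100.77"),        # infected host phoning home to its C&C
    ("203.0.113.9", "10.0.0.5"),          # listed network probing an internal host
    ("10.0.0.5", "192.0.2.50"),           # ordinary outbound traffic, not listed
    ("2001:db8:bad::1", "2001:db8:1::5"),  # listed IPv6 source reaching inside
]


def run_demo() -> list:
    """Load the feed, classify the sample flows, then show a withdrawal lifting a block."""
    table = DenyTable()
    for upd in FEED_UPDATES:
        table.apply_update(upd)
    decisions = [table.classify_flow(s, d) for s, d in SAMPLE_FLOWS]
    # The feed later withdraws the C&C host (for example after it is cleaned up);
    # the router drops the null route and traffic to it is forwarded again.
    table.apply_update({"action": "withdraw", "prefix": "198.51.100.77/32"})
    decisions.append(table.classify_flow("10.0.0.5", "198.51.100.77"))
    return decisions


if __name__ == "__main__":
    for flow, decision in zip(SAMPLE_FLOWS + [("10.0.0.5", "198.51.100.77 (after withdraw)")], run_demo()):
        print(f"{flow[0]:>18} -> {flow[1]:<36} {decision}")
```

On a real router the two drop cases map to a null (discard) route for the destination direction and a reverse-path check for the source direction; the model keeps them separate so the log you would see at the edge distinguishes an infected internal host calling out from a listed network calling in.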
Benefits of the BGPf Feed
- Delivers advanced threat intelligence directly into your router’s deny tables by peering with the Spamhaus BGPf router
- Stops malicious activity at your network’s edge
- Blocks network traffic to and from known botnet C&Cs, bad networks, and malicious IPs
- Quickly blocks the majority of IPs that are actively engaged in the worst types of cybercriminal activity
- Blocks IPs controlled by malware and bots
- Prevents communication by infected computers and mobile devices on your network
What Customers Are Saying
“The Spamhaus BGPf is an excellent service, allowing us to mitigate cyber threats and to block malicious traffic in both directions. It enables us to identify and clean infected computers within our internal network quickly, and to prevent cybercriminals from stealing sensitive data from our internal network using Trojan horses. It helps us to ensure the confidentiality and integrity of our network and the services we provide.”
—IT Security representative, Schibsted IT
“Very simple BGP configuration and adding a null route is all that was needed – impact on the router was minimal and it was a simple setup. All in all, I highly recommend this service to any enterprise that has control over its external routers and needs to take a multi-layered security approach. The results speak for themselves and the cost is so much lower than most other similar solutions we have researched.”
Case Study: Using Spamhaus BGP Feed in a Production Environment
Ready to implement the Spamhaus BGPf from SecurityZONES? Sign up for your 30-day free trial below!