AS65099 BGP threat feed

Free BGP blocklist routes. ~27,000 prefixes.

Get sample config
Neighbor176.100.36.217
Remote AS65099
SessioneBGP multihop
Actionblackhole

Peering Details

Peer

176.100.36.217

ASN

65099

Session

eBGP multihop

AFI

IPv4 unicast

We advertise host routes for malicious sources. You apply an inbound policy that turns every prefix from this session into a blackhole / discard route, so traffic to those destinations is silently dropped on your edge. We advertise prefixes with NO_ADVERTISE bgp community.

How It Works

  1. Configure the session. Point an eBGP multihop neighbor at 176.100.36.217 with remote AS 65099.
  2. Apply the inbound policy. Use the sample config for your platform below. It rewrites the next-hop to discard or marks the route as blackhole.
  3. Done. Routes install pointing at Null0 / discard. Updates and withdrawals are handled live over BGP.

Each sample sets a sane maximum-prefix safety limit and routes the discard next-hop (10.99.99.99 for IPv4, 100::1 for IPv6) to Null0. Replace <YOUR-ASN> with your own AS number before applying.

Source Data

Public blocklists mapped to BGP communities.

IPsum level 3

raw.githubusercontent.com/stamparm/ipsum

999:1001

Spamhaus DROP

iplists.firehol.org/files/spamhaus_drop.netset

999:1002

FireHOL level 2

iplists.firehol.org/files/firehol_level2.netset

999:1003

Cybercrime IP set

iplists.firehol.org/files/cybercrime.ipset

999:1004

FireHOL abusers 1d

iplists.firehol.org/files/firehol_abusers_1d.netset

999:1005

Communities let peers identify the source list if they want to log, filter, or prefer specific feeds. All routes use next-hop 10.99.99.99.

Sample BGP Configs

Replace <YOUR-ASN> and apply inbound.

Download 
Loading…