Categories

• Botnet Controller (BCL)
• Commercial Data
• Consumer
• CSS Blocklist (CSS)
• DNSBL Usage
• Domain Blocklist (DBL)
• DROP
• Exploits Blocklist (XBL)
• General Definitions
• General Questions
• Hacked - General Help
• Hash Blocklist (HBL)
• ISP General Questions
• Legal Questions
• Malware Questions
• Marketing Email
• Media Enquiries
• Online Scams
• Organization
• Policy Blocklist (PBL)
• Port 25 General Questions
• Reputation Statistics
• ROKSO
• Spamhaus Blocklist (SBL)
• Zero Reputation Domain (ZRD)

Categories

Get in touch with us through the link below.

• Definition: Botnet Controller List (BCL)
  • What is the Botnet Controller List (BCL)?

    What is the Spamhaus Botnet Controller List (BCL)?

    • It is an advisory “drop all traffic” list consisting of single IPv4 addresses that are used by cybercriminals to control infected computers (bots).
    • BCL does not contain any subnets or CIDR prefixes larger than /32.
    • BCL listings are made according to policies outlined inBCL Listing Criteria.

    What is the purpose of BCL?

    The main purpose of BCL is to block malicious traffic at the network edge.

    • BCL can be used in several different types of devices, from firewalls to intrusion detection systems (IDS/IPS) and many other security appliances.
    • BCL can also be used passively – for example, by checking the log files of web proxies, firewalls or any other security devices to detect botnet-generated traffic in your network.
• BCL usage questions
  • In what formats is BCL offered?

    BCL is available in different formats, such as a rule file for various Intrusion Detection Systems (IDS)/ Intrusion Prevention Systems (IPS). It is also available in a plain-text file, in CSV, as a Response Policy Zone (RPZ) and via theSpamhaus BGP Feed (BGPf).

    Specific instructions for implementation will depend on what use case you have; such questions should be referred to the device documentation or vendor.

    Is there a difference between the BCL and the BGPf?

    TheSpamhaus BGP feed (BGPf) is just a different delivery method for the BCL.

  • How often is the Botnet Controller List (BCL) updated?

    The Botnet Controller List (BCL) is updated in real time.

  • How to obtain access to Botnet Controller List (BCL)?

    To find out more information regarding access to the BCL please complete thecontact form on Spamhaus Technology’s website.

  • Can the BCL block legitimate traffic?

    The BCL’s primary objective is to avoid ‘false positives’ while blocking as much malicious traffic as possible.

    • BCL false positives are extremely rare.
    • Since BCL is a subset of SBL,every BCL listing is based on an investigation by one of the Spamhaus SBL team members.
    • BCL does not contain any automated listings: all listings on BCL have been issued and reviewed by a human.