BGP list of phishing sites?

Scott Call scall at devolution.com
Sun Jun 27 18:17:17 UTC 2004


Happy Sunday nanogers...

I was doing some follow up reading on the "js.scob.trojan", the latest 
"hole big enough to drive a truck through" exploit for Internet Explorer.

One of the things the article mentioned is that ISP/NSPs are shutting off 
access to the web site in Russia where the malware is being downloaded 
from.

Now we've done this in the past when a known target of a DDOS was upcoming 
or a known website hosted part of a malware package, and it is fairly 
effective in stopping the problems.

So what I was curious about is would there be interest in a BGP feed (like 
the DNSBLs used to be) to null route known malicious sites like that?

Obviously, both operational guidelines, and trust of the operator would 
have to be established, but I was thinking it might be useful for a few 
purposes:

1> IP addresses of well known sources of malicious code (like in the 
example above)
2> DDOS mitigation (ISP/NSP can request a null route of a prefix which 
will save the "Internet at large" as well as the NSP from the traffic 
flood)
3> etc

Since the purpose of this list would be to identify and mitigate large 
scale threats, things like spammers, etc would be outside of its charter.

If anyone thinks this is a good (or bad) idea, please let me know. 
Obviously it's not fully cooked yet, but I wanted to throw it out there.

Thanks
-Scott
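The post leaves the "operational guidelines" for such a null-route feed open. The following is an added example, not code from the post, from NANOG or from any existing feed: a guarded consumer that reads a feed of one prefix per line and turns it into static Null0 routes only after applying the sanity checks a consuming network would want before trusting a third party to blackhole traffic for it. The thresholds (nothing shorter than a /24 or /48), the bogon list, the cap on entries, the "own prefixes" value and the feed format are all assumptions made for the example; the question of who is trusted to publish into the feed is not modelled here.

```python
"""
Guarded consumer for a shared null-route feed of known-malicious prefixes.

Added example; it assumes a plain-text feed with one prefix per line
('#' starts a comment) and renders Cisco IOS-style static routes to Null0.
Every policy value below is an assumption chosen for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Policy:
    """Guardrails a consumer applies before installing anything from the feed."""
    min_prefixlen_v4: int = 24      # never blackhole anything shorter than a /24
    min_prefixlen_v6: int = 48
    max_entries: int = 1000         # a runaway feed must not blackhole the Internet
    # Space that must never appear in a public null-route feed. A production
    # list would also hold the RFC 5737 documentation nets (192.0.2.0/24,
    # 198.51.100.0/24, 203.0.113.0/24); they are left out here so the
    # constructed sample feed below has something to accept.
    bogons: Tuple[str, ...] = (
        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
        "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
        "224.0.0.0/4", "240.0.0.0/4",
        "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
    )
    # Your own and your customers' space: a feed entry inside it is a mistake
    # or an attack on you, never something to null-route blindly (constructed value).
    own_prefixes: Tuple[str, ...] = ("192.0.2.0/24",)


def _overlaps_any(net: Net, cidrs: Tuple[str, ...]) -> bool:
    for cidr in cidrs:
        other = ipaddress.ip_network(cidr)
        if other.version == net.version and net.overlaps(other):
            return True
    return False


def evaluate_feed(text: str, policy: Policy = Policy()) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (accepted CIDRs, [(entry, rejection reason), ...]) in feed order."""
    accepted: List[Net] = []
    rejected: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue                                   # blank or comment line
        try:
            net = ipaddress.ip_network(entry)          # strict: host bits must be zero
        except ValueError:
            rejected.append((entry, "unparsable"))
            continue
        min_len = policy.min_prefixlen_v4 if net.version == 4 else policy.min_prefixlen_v6
        if _overlaps_any(net, policy.bogons):
            rejected.append((entry, "bogon/reserved space"))
        elif _overlaps_any(net, policy.own_prefixes):
            rejected.append((entry, "inside our own prefixes"))
        elif net.prefixlen < min_len:
            rejected.append((entry, f"shorter than /{min_len}"))
        elif any(a.version == net.version and net.subnet_of(a) for a in accepted):
            rejected.append((entry, "redundant, covered by an accepted entry"))
        elif len(accepted) >= policy.max_entries:
            rejected.append((entry, f"entry cap of {policy.max_entries} reached"))
        else:
            accepted.append(net)
    return [str(n) for n in accepted], rejected


def ios_null_routes(cidrs: List[str]) -> List[str]:
    """Render accepted prefixes as Cisco IOS static routes to Null0."""
    lines = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if net.version == 4:
            lines.append(f"ip route {net.network_address} {net.netmask} Null0")
        else:
            lines.append(f"ipv6 route {net.with_prefixlen} Null0")
    return lines


# Constructed sample feed: documentation ranges stand in for routable space.
SAMPLE_FEED = """\
# malware-hosts feed, constructed for this example
203.0.113.0/24
198.51.100.7/32
198.51.100.7/32        # duplicate
203.0.113.5            # bare host, already covered by the /24 above
192.0.2.77/32          # inside our own space
10.0.0.0/8             # RFC 1918
203.0.112.0/23         # shorter than /24
this-is-not-a-prefix
2001:db8:abcd::/48
"""

if __name__ == "__main__":
    ok, bad = evaluate_feed(SAMPLE_FEED)
    for line in ios_null_routes(ok):
        print(line)
    for entry, why in bad:
        print(f"! skipped {entry}: {why}")
```

The checks run in the order a mistake is most damaging: bogon and own-prefix hits are refused before anything else, then prefix length, then redundancy, and finally the entry cap, so a feed that suddenly grows cannot push a consumer into blackholing far more than it intended.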
