BGP list of phishing sites? Website behind Net attack offline
Henry Linneweh
hrlinneweh at sbcglobal.net
Sun Jun 27 23:01:57 UTC 2004
http://www.news.com.au/common/story_page/0,4057,9975753%255E1702,00.html
-Henry
--- Scott Call <scall at devolution.com> wrote:
>
> Happy Sunday nanogers...
>
> I was doing some follow up reading on the "js.scob.trojan", the latest
> "hole big enough to drive a truck through" exploit for Internet
> Explorer.
>
> One of the things the article mentioned is that ISP/NSPs are shutting
> off access to the web site in Russia where the malware is being
> downloaded from.
>
> Now we've done this in the past when a known target of a DDOS was
> upcoming or a known website hosted part of a malware package, and it
> is fairly effective in stopping the problems.
>
> So what I was curious about is would there be interest in a BGP feed
> (like the DNSBLs used to be) to null route known malicious sites like
> that?
>
> Obviously, both operational guidelines, and trust of the operator
> would have to be established, but I was thinking it might be useful
> for a few purposes:
>
> 1> IP addresses of well known sources of malicious code (like in the
> example above)
> 2> DDOS mitigation (ISP/NSP can request a null route of a prefix which
> will save the "Internet at large" as well as the NSP from the traffic
> flood)
> 3> etc
>
> Since the purpose of this list would be to identify and mitigate large
> scale threats, things like spammers, etc would be outside of its
> charter.
>
> If anyone thinks this is a good (or bad) idea, please let me know.
> Obviously it's not fully cooked yet, but I wanted to throw it out
> there.
>
> Thanks
> -Scott
>
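
A sketch of the consumer-side check that the "operational guidelines and trust" point in the quoted proposal implies, added here as an example and not part of either message: each prefix from such a feed is vetted against local policy before it is null-routed. The thresholds, the protected list, the function name and the sample prefixes are all constructed assumptions, and only IPv4 is handled.

```python
import ipaddress

# Assumed local policy values; none of these come from the thread.
MIN_PREFIX_LEN = 24      # refuse to null-route anything broader than a /24
MAX_ENTRIES = 1000       # a feed that suddenly grows past this is suspect
PROTECTED = [ipaddress.ip_network(n) for n in (
    "198.51.100.0/24",   # constructed: our own address space
    "203.0.113.53/32",   # constructed: a resolver we must always reach
)]

def vet_feed(prefixes, protected=PROTECTED, min_len=MIN_PREFIX_LEN,
             max_entries=MAX_ENTRIES):
    """Return (accepted networks, [(raw, reason), ...] rejected)."""
    if len(prefixes) > max_entries:
        # Fail closed: drop the whole update rather than install part of it.
        return [], [(p, "feed exceeds entry cap") for p in prefixes]
    accepted, rejected = [], []
    for raw in prefixes:
        try:
            # strict=True rejects entries with host bits set (192.0.2.1/24)
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError:
            rejected.append((raw, "not a valid prefix"))
            continue
        if net.version != 4:
            rejected.append((raw, "only IPv4 handled here"))
        elif net.prefixlen < min_len:
            rejected.append((raw, "prefix too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((raw, "overlaps protected space"))
        else:
            accepted.append(net)
    return accepted, rejected

# Constructed sample update (documentation address ranges only).
SAMPLE = ["192.0.2.10/32", "192.0.2.0/23", "0.0.0.0/0",
          "198.51.100.7/32", "203.0.113.0/24", "192.0.2.1/24", "bogus"]

if __name__ == "__main__":
    ok, bad = vet_feed(SAMPLE)
    for net in ok:
        print("null-route", net)
    for raw, why in bad:
        print("reject", raw, "-", why)
```

Rejected entries are returned with a reason so they can be logged and raised with the feed operator rather than silently dropped.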