BGP list of phishing sites?

Paul Vixie paul at vix.com
Mon Jun 28 16:47:21 UTC 2004


warning.  this is about humans rather than about IOS configs.  hit D now.

> >> Also, an "easy fix" like this may lower the pressure on the parties
> >> who are really responsible for allowing this to happen: the makers
> >> of insecure software / insecure operational procedures (banks!) and
> >> gullible users.
> 
> > actually, a bgp feed of this kind tends to supply the "missing
> > causal vector" whereby someone who does something sloppy or bad ends
> > up suffering for it.
> 
> ??? I don't understand?

the root cause of network abuse is humans and human behaviour, not
hardware or software or corporations or corporate behaviour.  if most
people weren't sheep-like, they would pay some attention to the results
of their actions and inactions.  actions like buying something from a
spammer or clicking the "unsubscribe me" button in spam mail, or running
microsoft outlook.  inactions like not installing patches that microsoft
has supplied free of charge over the years.  inactions like leaving
their cable/DSL pee cee up 24x7 and never wondering why the activity
light on their modem flickers constantly.

but the vast majority of humanity is and has always been sheep-like.
while i could talk about certain election victories and other meatspace
examples, that would be even more off-topic than we already are, so
let's just put it like this: if you want people to notice the results of
their actions and inactions, then they have to be brought into the
equation.  don't let worms be symbiotic, make them host-killing
parasites, and that will make the host bodies sit up and take notice.
this trick works every time.

> > ... the internet is very survivable and the necessary traffic always
> > finds a way to get through.  fixing layer >7 problems by denying
> > layer 3 service has indeed proven to be the only way to get remote
> > CEO's to care (or notice).
> 
> Still, anti-spam blacklists are pretty much universally applied inside
> SMTP implementations these days. So if 3828747.dhcp.bigcable.com is
> blacklisted because it sources spam, people subscribing to the
> blacklist will no longer receive spam from that host, but the host is
> still capable of interacting with the net in general and the blacklist
> users in particular over a host of other protocols.

i'm trying to figure out why you think it's in your best interest to
limit the impact of your defensive activities, or to limit the impact of
sheep-like behaviour on the sheep-like humans who own these infected
hosts.  in psycho-babble the term that would best apply to your proposal is
"enabler".  why do you want to enable this kind of sheep-like behaviour?
what's in it for you?  if you think it'll leave more pee cee's online
and able to access your shopping cart system that's one thing.  but if
you think you're somehow helping the owners of these pee cees you're
wrong.  and you are in fact hurting yourself, and the rest of us, every
time you choose to be an "enabler" rather than letting these people stew
in their own sheep-like juices.

if it's easier for you to BGP-blackhole these bad sources and the only
reason you don't is because you think it would be unfair, then you're
part of the problem and you're helping to make the problem worse.

> ...
> My position is that end-user networks should decide for themselves if
> this is something they want, but it would be wrong for transit
> networks to make these decisions for all their customers, especially
> as they seem to be growing more and more impervious to incoming email
> or phone support requests that require knowledge of the proper order
> of the letters "I" and "P".

thanks for explaining your position, and very clearly i might add.
we're not so different -- i think "decide for themselves" is the right
meme.  but where we differ is on the questions of ownership and
responsibility.  every network has to take responsibility for the
traffic it spews, and cannot just say "take it up with my customer"
since they're getting paid to make the spew possible.  and every network
has to be able to say "this shall not pass!"  concerning traffic that
does not match their "AUP", and the only recourse their customers can
have is to sign up with a different network.

naturally, sean's and chris's employers don't see it that way at all,
and prefer to take no responsibility and exercise no control, except
where revenue is concerned.


