BGP list of phishing sites?

Patrick W Gilmore patrick at ianai.net
Mon Jun 28 18:01:35 UTC 2004


On Jun 28, 2004, at 1:56 PM, Stephen J. Wilcox wrote:

> Personally - bad.

Another personal response (edited from my response to the LINX paper):

Fighting "phishing" web sites is a necessary and important task.  Of 
course, part of why it is necessary is because end users are ignorant, 
untrained, and/or gullible.  But the fact remains that phishing is a 
burden on society and the Internet.

Unfortunately, I worry that this cure is worse than the disease.  
Filtering IP addresses is not the right way to attack these sites - 
they move too quickly and there is too much danger of collateral damage.

Perhaps even more dangerous is the need for verification.  For the list 
to be at all effective, it has to move very, very quickly, as the 
phishing sites move very quickly.  Creating an environment where the list 
is updated quickly increases the chance of mistakes or even malicious 
filtering.

In short, I cannot see a BGP list actually cutting down on phishing 
without massive collateral damage.  Reducing the collateral damage will 
likely make the list ineffective against phishing sites.  The 
combination makes this a no-win situation.

All, IMHO, of course. :)

-- 
TTFN,
patrick



