BGP list of phishing sites?

Iljitsch van Beijnum iljitsch at muada.com
Mon Jun 28 22:24:29 UTC 2004


On 28-jun-04, at 18:47, Paul Vixie wrote:

> the root cause of network abuse is humans and human behaviour, not
> hardware or software or corporations or corporate behaviour.  if most
> people weren't sheep-like, they would pay some attention to the results
> of their actions and inactions.

It's easy to blame the user, and usually they deserve it, even if 
they're innocent this time they're guilty of something else. But if 
software is created in such a way that regular users manage to screw up 
consistently, maybe the software can be improved rather than the user 
chastised?

> actions like buying something from a
> spammer or clicking the "unsubscribe me" button in spam mail,

The problem is that a few in a thousand that do this ruin things for 
the rest. In anything involving humans it's useless to expect the right 
thing to happen 100% of the time.

> or running microsoft outlook.

Can't argue with you there.

> inactions like leaving their cable/DSL pee cee up 24x7 and never 
> wondering why the activity light on their modem flickers constantly.

:-)  My cable modem activity light starts blinking as soon as there is 
a link and never stops. A /20 can generate a significant amount of ARP 
traffic during the best of times...

> if you want people to notice the results of their actions and 
> inactions, then they have to be brought into the equation.

Ah, you are a BOFH follower. Unfortunately, rudeness rarely results in 
enlightenment.

>> Still, anti-spam blacklists are pretty much universally applied inside
>> SMTP implementations these days. So if 3828747.dhcp.bigcable.com is
>> blacklisted because it sources spam, people subscribing to the
>> blacklist will no longer receive spam from that host, but the host is
>> still capable of interacting with the net in general and the blacklist
>> users in particular over a host of other protocols.

> i'm trying to figure out why you think it's in your best interest to
> limit the impact of your defensive activities, or to limit the impact 
> of
> sheep-like behaviour on the sheep-like humans who own these infected
> hosts.

That's not what I'm worried about. If people do the wrong thing, by all 
means let them suffer the consequences so they may think twice about 
doing it again. What worries me is the potential for hurting innocent 
bystanders, or even active subversion of these mechanisms. I mean, what 
better way to DoS someone than have them put on a blacklist?

> i think "decide for themselves" is the right meme.

Good!

> but where we differ is on the questions of ownership and
> responsibility.  every network has to take responsibility for the
> traffic is spews, and cannot just say "take it up with my customer"
> since they're getting paid to make the spew possible.  and every 
> network
> has to be able to say "this shall not pass!"  concerning traffic that
> does not match their "AUP", and the only recourse their customers can
> have is to sign up with a different network.

I think the one true way is to be found somewhere between the extremes 
of controlling every little thing a customer does and not doing 
anything. But the real issue is that this is even necessary. The 
biggest problem we have with IP is that it doesn't provide for a way 
for a receiver to avoid having to receiving unwanted packets. It would 
be extremely useful if we could fix that.




More information about the NANOG mailing list