Phishing and BGP Blackholing

Valdis.Kletnieks at Valdis.Kletnieks at
Wed Jan 3 02:52:26 UTC 2007

On Tue, 02 Jan 2007 17:02:02 PST, "Joy, Dylan" said:
> I'm curious if anyone can answer whether there has been any traction
> made relative to blocking egress traffic (via BGP) on US backbones which
> is destined to IP addresses used for fraudulent purposes, such as
> phishing sites.
> I'm sure there are several challenges to implementing this...

Well, there's the whole "collateral damage" issue - often, these things pop up
on hosting sites, where trying to null-route will
also break access to several thousand other domains hosted on the same
set of hardware (notice that same exact issue of collateral damage ended
up derailing a Pennsylvania law regarding the blocking of sites hosting
child pornography).

Then there's the whole trust issue - though the Team Cymru guys do an awesome
job doing the bogon feed, it's rare that you have to suddenly list a new
bogon at 2AM on a weekend.  And there's guys that *are* doing a good job
at tracking down and getting these sites mitigated, they prefer to get the
sites taken down at the source.  I'm not sure they would *want* to be trying
to do a BGP feed.

> NOTICE: This communication and any attachments may contain privileged or
> otherwise confidential information.

After you post to NANOG, it's not confidential, no matter what your legal eagles

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list