Phishing and BGP Blackholing

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Jan 3 02:52:26 UTC 2007


On Tue, 02 Jan 2007 17:02:02 PST, "Joy, Dylan" said:
> I'm curious if anyone can answer whether there has been any traction
> made relative to blocking egress traffic (via BGP) on US backbones which
> is destined to IP addresses used for fraudulent purposes, such as
> phishing sites.
> 
> I'm sure there are several challenges to implementing this...

Well, there's the whole "collateral damage" issue - often, these things pop up
on hosting sites, where trying to null-route www.phishers-r-us.com will
also break access to several thousand other domains hosted on the same
set of hardware (notice that same exact issue of collateral damage ended
up derailing a Pennsylvania law regarding the blocking of sites hosting
child pornography).

Then there's the whole trust issue - though the Team Cymru guys do an awesome
job doing the bogon feed, it's rare that you have to suddenly list a new
bogon at 2AM on a weekend.  And there's guys that *are* doing a good job
at tracking down and getting these sites mitigated; they prefer to get the
sites taken down at the source.  I'm not sure they would *want* to be trying
to do a BGP feed.

> NOTICE: This communication and any attachments may contain privileged or
> otherwise confidential information.

After you post to NANOG, it's not confidential, no matter what your legal eagles
pretend.
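
The collateral-damage point in the message above, worked through as an added example that is not part of the original post: it takes constructed passive-DNS style observations and reports, for each address hosting a reported phishing name, which unrelated names a null route would also break. The hostnames, addresses, action labels and function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed observations (hostname, IPv4 address); addresses are from
# documentation ranges and names use the reserved .example TLD.
OBSERVATIONS = [
    ("www.phishers-r-us.example", "192.0.2.10"),
    ("shop.bakery.example", "192.0.2.10"),
    ("blog.school.example", "192.0.2.10"),
    ("login-verify.example", "198.51.100.7"),
    ("bank-update.example", "203.0.113.5"),
    ("bank-update.example", "203.0.113.6"),
    ("mail.clinic.example", "203.0.113.6"),
]
# Constructed set of names reported as phishing (lower case, no trailing dot).
REPORTED = {"www.phishers-r-us.example", "login-verify.example", "bank-update.example"}

def assess(observations, reported):
    """For every address hosting a reported name, list the reported names,
    the unrelated co-hosted names, and a hypothetical action label."""
    hosts_on_ip = defaultdict(set)
    for name, ip in observations:
        hosts_on_ip[ip].add(name.lower().rstrip("."))
    result = {}
    for ip, names in hosts_on_ip.items():
        targets = sorted(names & reported)
        if not targets:
            continue
        collateral = sorted(names - reported)
        # Any unrelated tenant on the address makes a /32 null route unsafe.
        action = "takedown-at-source" if collateral else "null-route-candidate"
        result[ip] = {"targets": targets, "collateral": collateral, "action": action}
    return result

def residual_reach(observations, reported, assessment):
    """Reported names still reachable when only collateral-free addresses
    are null-routed (shared hosting and multi-address names survive)."""
    blocked = {ip for ip, r in assessment.items() if r["action"] == "null-route-candidate"}
    reachable = set()
    for name, ip in observations:
        n = name.lower().rstrip(".")
        if n in reported and ip not in blocked:
            reachable.add(n)
    return sorted(reachable)

if __name__ == "__main__":
    report = assess(OBSERVATIONS, REPORTED)
    for ip, row in sorted(report.items()):
        print(ip, row["action"], "collateral:", len(row["collateral"]))
    print("still reachable:", residual_reach(OBSERVATIONS, REPORTED, report))
```
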
