Congress may require ISPs to block fraud sites H.R.3817

Bill Stewart nonobvious at
Mon Nov 9 04:38:51 UTC 2009

If you're a consumer broadband provider, and you use a DNS blackhole
list so that any of your subscribers who tries to reach gets redirected to, you might be able to claim that you
complied with the law, though the law's aggressive enough that it
could be argued otherwise.

If you're a transit ISP providing upstream bandwidth to the broadband
provider, and some packets are addressed to, which is the IP
address of a hosting site in Elbonia that carries and, the
fact that the broadband ISP was using a DNS blackhole list doesn't
protect you, because you're still routing packets to  You
could set up a /32 route to send that traffic to null0, censoring, or you could get fancy and route it to
some squid proxy that cleans up the traffic.  But of course the
phisher could be using fast-flux, so 5 minutes later that trick no
longer works, and by tomorrow the 100,000 phishing websites on the
list have added 1,000,000 routes to your peering routers...  Not
pleasant, but you don't really have much alternative.

             Thanks;     Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
