[162706] in North American Network Operators' Group
Re: Tier1 blackholing policy?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Apr 30 12:48:06 2013
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <CAFANWtW+vhf0GuiRBGzFWFT6uaPK19VmRq=kCNVairma2dvs9w@mail.gmail.com>
Date: Tue, 30 Apr 2013 12:47:40 -0400
To: Darius Jahandarie <djahandarie@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 30, 2013, at 12:43 PM, Darius Jahandarie <djahandarie@gmail.com> =
wrote:
> I think I agree with this, and I think it can help draw a useful line.
>=20
> Large DDoS attacks can and do directly affect the service that the
> "tier 1" is providing to its customers (namely, moving their bits), so
> filtering such attacks seems like a reasonably agreeable thing by
> really anyone I think.
>=20
> Phishing on the other hand will not really stop bits from moving
> (except perhaps through rather long chain of unlikely things that'd
> have to happen).
>=20
> The last-mile consumer ISPs don't just "move bits" for their customers
> really, its more about providing "internet" (which is a different
> concept to normal users) -- and this is where filtering phishing sites
> and blocking port 25 and such makes much more sense, because these
> users will have a highly degraded experience if they become a botnet
> drone or some such thing.
If the phishing attack is against an enterprise that is also an ISP, =
surely you can imagine a case where they might block traffic to prevent =
folks from being phished.
i think it's great that someone is blocking folks from being infected =
with either malware or giving up their private details improperly.
Typically these sites are hacked anyways or something else. I think =
that keeping the broadest set of people from being phished or =
compromised is a good thing(tm). Typically a site is cleaned up in a =
few hours or day or two without trouble. If your communication is that =
urgent, there are other methods like phone to communicate with the other =
party. not ideal, but they do exist.
- jared=
