[71971] in North American Network Operators' Group
Re: BGP list of phishing sites?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sun Jun 27 14:34:44 2004
Date: Sun, 27 Jun 2004 18:34:07 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <Pine.LNX.4.60.0406271106170.24587@twomix.devolution.com>
To: Scott Call <scall@devolution.com>
Cc: nanog@nanog.org
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 27 Jun 2004, Scott Call wrote:
>
> Happy Sunday nanogers...
>
> I was doing some follow up reading on the "js.scob.trojan", the latest
> "hole big enough to drive a truck through" exploit for Internet Explorer.
>
> On the the things the article mentioned is that ISP/NSPs are shutting off
> access to the web site in russia where the malware is being downloaded
> from.
>
> Now we've done this in the past when a known target of a DDOS was upcoming
> or a known website hosted part of a malware package, and it is fairly
> effective in stopping the problems.
>
> So what I was curious about is would there be interest in a BGP feed (like
> the DNSBLs used to be) to null route known malicious sites like that?
>
don't reinvent the wheel: www.cymru.com has a project already under way
for this, with many operators participating at this time.
