[71973] in North American Network Operators' Group


Re: BGP list of phishing sites?

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sun Jun 27 16:45:00 2004

In-Reply-To: <Pine.LNX.4.60.0406271106170.24587@twomix.devolution.com>
Cc: nanog@nanog.org
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sun, 27 Jun 2004 22:44:13 +0200
To: Scott Call <scall@devolution.com>
Errors-To: owner-nanog-outgoing@merit.edu


On 27-jun-04, at 20:17, Scott Call wrote:

> One of the things the article mentioned is that ISP/NSPs are shutting 
> off access to the web site in Russia where the malware is being 
> downloaded from.

> Now we've done this in the past when a known target of a DDOS was 
> upcoming or a known website hosted part of a malware package, and it 
> is fairly effective in stopping the problems.

> So what I was curious about is would there be interest in a BGP feed 
> (like the DNSBLs used to be) to null route known malicious sites like 
> that?

I'm sure there is; but I'm slightly worried that transit networks may 
be tempted to subscribe to such a feed and in essence start censoring 
their customers' access to the net.

Also, an "easy fix" like this may lower the pressure on the parties who 
are really responsible for allowing this to happen: the makers of 
insecure software / insecure operational procedures (banks!) and 
gullible users.

Fixing layer 7+ problems at layer 3 just doesn't work and leads to 
significant collateral damage in the long run.

