[93888] in North American Network Operators' Group


Re: Phishing and BGP Blackholing

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Jan 2 21:53:23 2007

To: "Joy, Dylan" <DJoy@becu.org>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 02 Jan 2007 17:02:02 PST."
             <A461A82D32BB2A42AC4E66A57AE8E91204562375@tmcola.inside.becu.org>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 02 Jan 2007 21:52:26 -0500
Errors-To: owner-nanog@merit.edu


On Tue, 02 Jan 2007 17:02:02 PST, "Joy, Dylan" said:
> I'm curious if anyone can answer whether there has been any traction
> made relative to blocking egress traffic (via BGP) on US backbones which
> is destined to IP addresses used for fraudulent purposes, such as
> phishing sites.
> 
> I'm sure there are several challenges to implementing this...

Well, there's the whole "collateral damage" issue - often, these things pop up
on hosting sites, where trying to null-route www.phishers-r-us.com will
also break access to several thousand other domains hosted on the same
set of hardware (notice that same exact issue of collateral damage ended
up derailing a Pennsylvania law regarding the blocking of sites hosting
child pornography).

Then there's the whole trust issue - though the Team Cymru guys do an awesome
job doing the bogon feed, it's rare that you have to suddenly list a new
bogon at 2AM on a weekend.  And there's guys that *are* doing a good job
at tracking down and getting these sites mitigated, they prefer to get the
sites taken down at the source.  I'm not sure they would *want* to be trying
to do a BGP feed.

> NOTICE: This communication and any attachments may contain privileged or
> otherwise confidential information.

After you post to NANOG, it's not confidential, no matter what your legal eagles
pretend.

