[93891] in North American Network Operators' Group


Re: Phishing and BGP Blackholing

daemon@ATHENA.MIT.EDU (Stephen Satchell)
Tue Jan 2 23:24:03 2007

Date: Tue, 02 Jan 2007 20:19:59 -0800
From: Stephen Satchell <list@satchell.net>
To: Valdis.Kletnieks@vt.edu
Cc: "Joy, Dylan" <DJoy@becu.org>, nanog@merit.edu
In-Reply-To: <200701030252.l032qQFA025916@turing-police.cc.vt.edu>
Errors-To: owner-nanog@merit.edu


Valdis.Kletnieks@vt.edu wrote:

> Then there's the whole trust issue - though the Team Cymru guys do an awesome
> job doing the bogon feed, it's rare that you have to suddenly list a new
> bogon at 2AM on a weekend.  And there's guys that *are* doing a good job
> at tracking down and getting these sites mitigated, they prefer to get the
> sites taken down at the source.  I'm not sure they would *want* to be trying
> to do a BGP feed.

As an operator of a large collection of Web hosting sites, I appreciate 
the work of those guys who track down sites and send alerts.  I can then 
surgically remove the offending phishing sites quickly.  When a customer 
does the sites (and I've had a few of those) I usually find multiple 
phishing payload sites...and the account is closed so quickly that 
the perps don't even have time to fetch the data they collected.

The championship record is nine payload-sites for different phishing 
targets.
