North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: BGP list of phishing sites?
warning. this is about humans rather than about IOS configs. hit D now. > >> Also, an "easy fix" like this may lower the pressure on the parties > >> who are really responsible for allowing this to happen: the makers > >> of insecure software / insecure operational procedures (banks!) and > >> gullible users. > > > actually, a bgp feed of this kind tends to supply the "missing > > causal vector" whereby someone who does something sloppy or bad ends > > up suffering for it. > > ??? I don't understand? the root cause of network abuse is humans and human behaviour, not hardware or software or corporations or corporate behaviour. if most people weren't sheep-like, they would pay some attention to the results of their actions and inactions. actions like buying something from a spammer or clicking the "unsubscribe me" button in spam mail, or running microsoft outlook. inactions like not installing patches that microsoft has supplied free of charge over the years. inactions like leaving their cable/DSL pee cee up 24x7 and never wondering why the activity light on their modem flickers constantly. but the vast majority of humanity is and has always been sheep-like. while i could talk about certain election victories and other meatspace examples, that would be even more off-topic than we already are, so let's just put it like this: if you want people to notice the results of their actions and inactions, then they have to be brought into the equation. don't let worms be symbiotic, make them host-killing parasites, and that will make the host bodies sit up and take notice. this trick works every time. > > ... the internet is very survivable and the necessary traffic always > > finds a way to get through. fixing layer >7 problems by denying > > layer 3 service has indeed proven to be the only way to get remote > > CEO's to care (or notice). > > Still, anti-spam blacklists are pretty much universally applied inside > SMTP implementations these days. So if 3828747.dhcp.bigcable.com is > blacklisted because it sources spam, people subscribing to the > blacklist will no longer receive spam from that host, but the host is > still capable of interacting with the net in general and the blacklist > users in particular over a host of other protocols. i'm trying to figure out why you think it's in your best interest to limit the impact of your defensive activities, or to limit the impact of sheep-like behaviour on the sheep-like humans who own these infected hosts. in psycho- babble the term would best apply to your proposal is "enabler". why do you want to enable this kind of sheep-like behaviour? what's in it for you? if you think it'll leave more pee cee's online and able to access your shopping cart system that's one thing. but if you think you're somehow helping the owners of these pee cees you're wrong. and you are in fact hurting yourself, and the rest of us, every time you choose to be an "enabler" rather than letting these people stew in their own sheep-like juices. if it's easier for you to BGP-blackhole these bad sources and the only reason you don't is because you think it would be unfair, then you're part of the problem and you're helping to make the problem worse. > ... > My position is that end-user networks should decide for themselves if > this is something they want, but it would be wrong for transit > networks to make these decisions for all their customers, especially > as they seem to be growing more and more impervious to incoming email > or phone support requests that require knowledge of the proper order > of the letters "I" and "P". thanks for explaining your position, and very clearly i might add. we're not so different -- i think "decide for themselves" is the right meme. but where we differ is on the questions of ownership and responsibility. every network has to take responsibility for the traffic is spews, and cannot just say "take it up with my customer" since they're getting paid to make the spew possible. and every network has to be able to say "this shall not pass!" concerning traffic that does not match their "AUP", and the only recourse their customers can have is to sign up with a different network. naturally, sean's and chris's employers don't see it that way at all, and prefer to take no responsibility and exercise no control, except where revenue is concerned.