North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: BGP list of phishing sites?
[In the message entitled "Re: BGP list of phishing sites?" on Jun 28, 18:43, Simon Lockhart writes:] > > On Mon Jun 28, 2004 at 04:47:21PM +0000, Paul Vixie wrote: > > if it's easier for you to BGP-blackhole these bad sources and the only > > reason you don't is because you think it would be unfair, then you're > > part of the problem and you're helping to make the problem worse. > > It's wholy unfair to the innocent parties affected by the blacklisting. > i.e. the collateral damage. > > Say a phising site is "hosted" by geocities. Should geocities IP addresses > be added to the blacklist? > None of this would be an issue, if abuse desks were: 1. Responsive 2. Responsible 3. Empowered 4. Accountable Today, they are none of the above. If any of you out there think that isn't the case with your network, please let me know. I'll be happy to provide you with the spam from your network over the last 24 hours (or 24 days, or 24 months, or whatever other period you like). Blackholing is simply a way to draw immediate, and unmistakable attention to a problem, instead of sweeping it under the carpet. The problem is going to get worse before it gets better, much as it pains me to say that. Let's look at ways that it can be made better. A BGP feed, or other real time distribution method, can be used to let your abuse desk know that there is a problem, and to address it faster. It can be abused for this purpose as well, so it's important for *whatever* method is used to be run by responsible, accountable people. Think about it. Please. --