North American Network Operators Group
Re: Phishing and BGP Blackholing
On Tue, 02 Jan 2007 17:02:02 PST, "Joy, Dylan" said:
> I'm curious if anyone can answer whether there has been any traction
> made relative to blocking egress traffic (via BGP) on US backbones which
> is destined to IP addresses used for fraudulent purposes, such as
> phishing sites.
>
> I'm sure there are several challenges to implementing this...

Well, there's the whole "collateral damage" issue - often, these things pop up on hosting sites, where trying to null-route www.phishers-r-us.com will also break access to several thousand other domains hosted on the same set of hardware (notice that same exact issue of collateral damage ended up derailing a Pennsylvania law regarding the blocking of sites hosting child pornography).

Then there's the whole trust issue - though the Team Cymru guys do an awesome job doing the bogon feed, it's rare that you have to suddenly list a new bogon at 2AM on a weekend.

And there's guys that *are* doing a good job at tracking down and getting these sites mitigated, they prefer to get the sites taken down at the source. I'm not sure they would *want* to be trying to do a BGP feed.

> NOTICE: This communication and any attachments may contain privileged or
> otherwise confidential information.

After you post to NANOG, it's not confidential, no matter what your legal eagles pretend.