North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Phishing and BGP Blackholing
On 3 Jan 2007, at 01:02, Joy, Dylan wrote:
I'm curious if anyone can answer whether there has been any traction made relative to blocking egress traffic (via BGP) on US backbones which is destined to IP addresses used for fraudulent purposes, such as phishing sites. I'm sure there are several challenges to implementing this...
I have often thought that this would be a brilliant idea (on paper), when working with one of my clients who suffer regular denial of service attacks through open http and socks proxies. They are a multi-homed end site running bgp4 on their edge networks.
From a 'problem solving' perspective, a Team Cymru-style bgp peer that injected very specific routes into their routing table, and matching configuration which caused those particular routes to be dropped would be ideal. Additions and deletions would be as close to real-time as possible.
From a political perspective, I could only advocate to clients such a service that had a strict policy of adding routes to addresses because of a provable policy infringement. For example, a route for 184.108.40.206/32 would only be announced by my bgp-blacklist peer if it could be demonstrated that a device reachable at 220.127.116.11 was an open http proxy (or socks proxy, or smtp relay).... and not because a phishing site was hosted there. Different priorities for different networks I guess ..
No interest in a service which requires companies running a blocked proxy to pay before the route/block is lifted. Also no interest in a service which blocks entire networks in the event of a policy infringement, only the polluting hosts. I mention this paragraph thanks to some of the policies of DNS-based email-abuse blacklists.
Phishing is content - when a service opens which filters based on content, there's a whole new can of worms being opened - what *else* is abusive content ? Does it stop being abusive content at some point ? If phishing is abusive, is pornography abuse ? A mouthy anti-West news agency ?
Anyone going to talk about this at Toronto ? Trying to justify taking a week 'off' to visit ... ;-)