nanog mailing list archives
Re: BGP list of phishing sites?
From: Alex Bligh <alex () alex org uk>
Date: Mon, 28 Jun 2004 21:16:20 +0100
--On 28 June 2004 18:43 +0100 Simon Lockhart <simon.lockhart () bbc co uk> wrote:
It's wholy unfair to the innocent parties affected by the blacklisting. i.e. the collateral damage. Say a phising site is "hosted" by geocities. Should geocities IP addresses be added to the blacklist? What if it made it onto an akamaized service? Should all of akamai be blacklisted?
This is an issue wider than spam, phishing, etc. That would depend on whether your block by IP address (forget whether this is BGP black hole lists, DNSRBL for SMTP etc.) is of a) IP address that happen to have $nasty at one end of them; or b) IP address for whom no abuse desk even gives a response (even "we know, go away") when informed of $nasty. It also depends on whether your response is "drop all packets" (a la BGP blackhole) or "apply greater sanctions". Seems to me (b) is, in general, a lot more reasonable than (a) particularly where there is very likely >1 administrative zone per IP address (for example HTTP/1.1). It also better satisfies Paul's criterion of being more likely to engender better behaviour (read: responsibility of network work operators for downstream traffic) if behaviour of the reporter is proportionate & targeted. WRT "apply greater sanctions", it is possible of course, though perhaps neither desirable nor scalable, to filter at layer>3 all sites on given IPs to minimize collateral damage. See http://www.theregister.co.uk/2004/06/07/bt_cleanfeed_analysis/ This is effectively what tools like spamassassin do when taking RBL type feeds as a scoring input to filtering, in a mail context. Alex
Current thread:
- Re: BGP list of phishing sites?, (continued)
- Re: BGP list of phishing sites? Patrick W Gilmore (Jun 28)
- Re: BGP list of phishing sites? Dan Hollis (Jun 28)
- Re: BGP list of phishing sites? Patrick W Gilmore (Jun 28)
- Re: BGP list of phishing sites? Edward B. Dreger (Jun 28)
- Re: BGP list of phishing sites? Christopher L. Morrow (Jun 28)
- Re: BGP list of phishing sites? Michael . Dillon (Jun 29)
- Re: BGP list of phishing sites? Dan Hollis (Jun 29)
- Re: BGP list of phishing sites? Patrick W Gilmore (Jun 28)
- Re: BGP list of phishing sites? Simon Lockhart (Jun 28)
- Re: BGP list of phishing sites? Petri Helenius (Jun 28)
- Re: BGP list of phishing sites? Alex Bligh (Jun 28)
- Re: BGP list of phishing sites? Paul Vixie (Jun 28)
- Re: BGP list of phishing sites? Patrick W Gilmore (Jun 28)
- Re: BGP list of phishing sites? Paul Vixie (Jun 28)
- Re: BGP list of phishing sites? Iljitsch van Beijnum (Jun 29)
- Re: BGP list of phishing sites? David Barak (Jun 29)
- Re: BGP list of phishing sites? Iljitsch van Beijnum (Jun 29)
- Re: BGP list of phishing sites? David Barak (Jun 29)