nanog mailing list archives

Re: Phishing and BGP Blackholing


From: Valdis.Kletnieks () vt edu
Date: Tue, 02 Jan 2007 21:52:26 -0500

On Tue, 02 Jan 2007 17:02:02 PST, "Joy, Dylan" said:
> I'm curious if anyone can answer whether there has been any traction
> made relative to blocking egress traffic (via BGP) on US backbones which
> is destined to IP addresses used for fraudulent purposes, such as
> phishing sites.
>
> I'm sure there are several challenges to implementing this...

Well, there's the whole "collateral damage" issue - often, these things pop up
on hosting sites, where trying to null-route www.phishers-r-us.com will
also break access to several thousand other domains hosted on the same
set of hardware (notice that same exact issue of collateral damage ended
up derailing a Pennsylvania law regarding the blocking of sites hosting
child pornography).

Then there's the whole trust issue - though the Team Cymru guys do an awesome
job doing the bogon feed, it's rare that you have to suddenly list a new
bogon at 2AM on a weekend.  And there's guys that *are* doing a good job
at tracking down and getting these sites mitigated, they prefer to get the
sites taken down at the source.  I'm not sure they would *want* to be trying
to do a BGP feed.

> NOTICE: This communication and any attachments may contain privileged or
> otherwise confidential information.

After you post to NANOG, it's not confidential, no matter what your legal eagles
pretend.
