nanog mailing list archives
Re: Phishing and BGP Blackholing
From: Bill Nash <billn () billn net>
Date: Tue, 2 Jan 2007 23:24:41 -0700 (MST)
On Tue, 2 Jan 2007, Travis H. wrote:
On Tue, Jan 02, 2007 at 06:20:01PM -0700, Bill Nash wrote:The biggest challenge I can see is scrubbing phishing reports that aren't.. themselves.. maliciously crafted phishing attacks against a registry of such addresses.Can you rephrase that? I want to understand but I'm failing.
If you decide to operate some sort of registry for these sites, what's to stop a user from crafting what appears to be a malicious submission, with the intent of getting someone blackholed, just for grins and giggles? Again, trust factor.
IIRC, Riverhead DoS-mitigation systems use a similar mechanism for filtering out DoS packets en route.
I think Prolexic also uses a similiar method.
Oh, and yes, even for one IP, you're still going to have collateral damage if they're doing shared hosting, since one IP serves many sites. The only way around this is to actually do layer 7 decoding, but if the intruder can already set up one phishing account, I would be hesitant to assume the other co-located sites are really safe to browse.
Well, in many of those cases, you're talking about shared hosting environments, hundreds of mom and pop sites that actually are safe to browse, but running whatever vulnerable content-management kit was provided to them that got the box popped in the first place. - billn
Current thread:
- Phishing and BGP Blackholing Joy, Dylan (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Travis H. (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Travis H. (Jan 02)
- Re: Phishing and BGP Blackholing Randy Bush (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- RE: Phishing and BGP Blackholing Neil J. McRae (Jan 03)
- Re: Phishing and BGP Blackholing Florian Weimer (Jan 03)
- RE: Phishing and BGP Blackholing Neil J. McRae (Jan 03)
- Re: Phishing and BGP Blackholing Travis H. (Jan 17)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Mark Foster (Jan 02)
- Re: Phishing and BGP Blackholing Rich Kulawiec (Jan 03)
- on a different "manners" topic, was Re: Phishing... Edward Lewis (Jan 03)
- Re: on a different "manners" topic, was Re: Phishing... Justin M. Streiner (Jan 03)