nanog mailing list archives

Re: BGP list of phishing sites?


From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Sun, 27 Jun 2004 18:34:07 +0000 (GMT)




On Sun, 27 Jun 2004, Scott Call wrote:


Happy Sunday nanogers...

I was doing some follow up reading on the "js.scob.trojan", the latest
"hole big enough to drive a truck through" exploit for Internet Explorer.

One of the things the article mentioned is that ISP/NSPs are shutting off
access to the web site in Russia where the malware is being downloaded
from.

Now we've done this in the past when a known target of a DDOS was upcoming
or a known website hosted part of a malware package, and it is fairly
effective in stopping the problems.

So what I was curious about is would there be interest in a BGP feed (like
the DNSBLs used to be) to null route known malicious sites like that?


don't reinvent the wheel: www.cymru.com has a project already under way
for this, with many operators participating at this time.

