nanog mailing list archives

Re: Tier1 blackholing policy?


From: Jared Mauch <jared () puck nether net>
Date: Tue, 30 Apr 2013 12:47:40 -0400


On Apr 30, 2013, at 12:43 PM, Darius Jahandarie <djahandarie () gmail com> wrote:

> I think I agree with this, and I think it can help draw a useful line.
>
> Large DDoS attacks can and do directly affect the service that the
> "tier 1" is providing to its customers (namely, moving their bits), so
> filtering such attacks seems like a reasonably agreeable thing by
> really anyone I think.
>
> Phishing on the other hand will not really stop bits from moving
> (except perhaps through a rather long chain of unlikely things that'd
> have to happen).
>
> The last-mile consumer ISPs don't just "move bits" for their customers
> really, it's more about providing "internet" (which is a different
> concept to normal users) -- and this is where filtering phishing sites
> and blocking port 25 and such makes much more sense, because these
> users will have a highly degraded experience if they become a botnet
> drone or some such thing.

If the phishing attack is against an enterprise that is also an ISP, surely you can imagine a case where they might block traffic to prevent folks from being phished.

I think it's great that someone is blocking folks from being infected with either malware or giving up their private details improperly.

Typically these sites are hacked anyways or something else.  I think that keeping the broadest set of people from being phished or compromised is a good thing(tm).  Typically a site is cleaned up in a few hours or a day or two without trouble.  If your communication is that urgent, there are other methods like phone to communicate with the other party.  Not ideal, but they do exist.

- jared
