On Tue, Apr 30, 2013 at 11:22 AM, Tassos Chatzithomaoglou <achatz@forthnetgroup.gr> wrote:
I think blocking phishing sites vs blocking ddos require a different approach.
I think I agree with this, and I think it can help draw a useful line. Large DDoS attacks can and do directly affect the service that the "tier 1" is providing to its customers (namely, moving their bits), so filtering such attacks seems like a reasonably agreeable thing by really anyone I think. Phishing on the other hand will not really stop bits from moving (except perhaps through rather long chain of unlikely things that'd have to happen). The last-mile consumer ISPs don't just "move bits" for their customers really, its more about providing "internet" (which is a different concept to normal users) -- and this is where filtering phishing sites and blocking port 25 and such makes much more sense, because these users will have a highly degraded experience if they become a botnet drone or some such thing. Granted, as Patrick says, "tier 1" isn't really a thing, and they have a mix of customers, but I think its safe to say that these "tier 1" providers should apply different policies for different types of customers, because they are providering different services (even if the underlying technology is the same/similar). -- Darius Jahandarie