The biggest challenge I can see is scrubbing phishing reports that aren't... themselves... maliciously crafted phishing attacks against a registry of such addresses. Likewise, since BGP isn't application aware, when you blackhole an address that's both website and mail server, how do you inform the end user about their problem, or get a notice from them that it's been fixed? This kind of solution has a huge trust factor hole in it. Distributing a BGP based blackhole list is trivial. The intelligence that goes into it is the hard part. There are companies that provide managed services like this (bgp blackhole route servers for known problem sites, like drone C&C's). (disclaimer: I do development for one.)

- billn

On Tue, 2 Jan 2007, Joy, Dylan wrote:
Happy New Year all,
I'm curious if anyone can answer whether there has been any traction made relative to blocking egress traffic (via BGP) on US backbones which is destined to IP addresses used for fraudulent purposes, such as phishing sites.
I'm sure there are several challenges to implementing this...
Regards, Dylan Joy Network Security Analyst, BECU
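As an added illustration (not code from either poster), here is the kind of "scrubbing" step billn describes, run before a reported address is ever turned into a route: reports are rejected if they name a protected or non-routable range (the poisoned-report case), if they are prefixes rather than single hosts, or if fewer than two independent reporters agree. The reporter names, the threshold, the "own infrastructure" prefix and the FRR-style static blackhole syntax are all assumptions; the report list is constructed sample data using documentation address ranges.

```python
"""Vet phishing reports before they become BGP blackhole routes (added example)."""
import ipaddress
from collections import defaultdict

# Ranges that must never be blackholed, whatever a report says: RFC 1918,
# loopback, multicast, "this network", and (assumption) our own infrastructure
# prefix, so a malicious report cannot turn the list against its operator.
NEVER_BLACKHOLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "224.0.0.0/4", "0.0.0.0/8",
    "203.0.113.0/24",  # assumption: operator's own address space
)]
MIN_INDEPENDENT_REPORTERS = 2  # assumption: one source alone cannot blackhole a host

# Constructed sample reports: (reporter id, reported target)
SAMPLE_REPORTS = [
    ("abuse-desk-a", "198.51.100.7"),
    ("abuse-desk-b", "198.51.100.7"),    # second independent source -> accepted
    ("abuse-desk-a", "192.0.2.44"),
    ("abuse-desk-a", "192.0.2.44"),      # same source twice still counts once -> held
    ("anon-form", "203.0.113.10"),       # report aimed at our own prefix -> rejected
    ("anon-form", "10.1.2.3"),           # RFC 1918 -> rejected
    ("anon-form", "198.51.100.0/24"),    # whole prefix, not a host -> rejected
]

def vet_reports(reports, min_reporters=MIN_INDEPENDENT_REPORTERS):
    """Return (accepted host addresses, {target: reason}) for a list of reports."""
    reporters_for = defaultdict(set)
    rejected = {}
    for reporter, target in reports:
        try:
            addr = ipaddress.ip_address(target)      # host routes only, never a prefix
        except ValueError:
            rejected[target] = "not a single host address"
            continue
        if any(addr in net for net in NEVER_BLACKHOLE):
            rejected[str(addr)] = "protected or non-routable address"
            continue
        reporters_for[addr].add(reporter)           # set: dedups repeated reporters
    accepted = []
    for addr, srcs in sorted(reporters_for.items(), key=lambda kv: (kv[0].version, int(kv[0]))):
        if len(srcs) >= min_reporters:
            accepted.append(str(addr))
        else:
            rejected[str(addr)] = f"only {len(srcs)} independent reporter(s)"
    return accepted, rejected

def to_frr_static_routes(hosts):
    """Render accepted hosts as FRR-style static blackhole routes (assumed syntax)."""
    return [f"ip route {h}/32 blackhole" for h in hosts]

if __name__ == "__main__":
    ok, bad = vet_reports(SAMPLE_REPORTS)
    print("\n".join(to_frr_static_routes(ok)))
    for target, why in bad.items():
        print(f"rejected {target}: {why}")
```

The static routes would then be redistributed into BGP and tagged with the blackhole community by the route server; the point is that the feed is only as trustworthy as the vetting in front of it.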