On Tue, 02 Jan 2007 17:02:02 PST, "Joy, Dylan" said:
> I'm curious if anyone can answer whether there has been any traction made relative to blocking egress traffic (via BGP) on US backbones which is destined to IP addresses used for fraudulent purposes, such as phishing sites.
> I'm sure there are several challenges to implementing this...
Well, there's the whole "collateral damage" issue - often, these things pop up on hosting sites, where trying to null-route www.phishers-r-us.com will also break access to several thousand other domains hosted on the same set of hardware (notice that same exact issue of collateral damage ended up derailing a Pennsylvania law regarding the blocking of sites hosting child pornography).

Then there's the whole trust issue - though the Team Cymru guys do an awesome job doing the bogon feed, it's rare that you have to suddenly list a new bogon at 2AM on a weekend.

And there's guys that *are* doing a good job at tracking down and getting these sites mitigated, they prefer to get the sites taken down at the source. I'm not sure they would *want* to be trying to do a BGP feed.
> NOTICE: This communication and any attachments may contain privileged or otherwise confidential information.
After you post to NANOG, it's not confidential, no matter what your legal eagles pretend.