On Apr 30, 2013, at 12:43 PM, Darius Jahandarie <djahandarie@gmail.com> wrote:
I think I agree with this, and I think it can help draw a useful line.
Large DDoS attacks can and do directly affect the service that the "tier 1" is providing to its customers (namely, moving their bits), so filtering such attacks seems like a reasonably agreeable thing by really anyone I think.
Phishing on the other hand will not really stop bits from moving (except perhaps through rather long chain of unlikely things that'd have to happen).
The last-mile consumer ISPs don't just "move bits" for their customers really, its more about providing "internet" (which is a different concept to normal users) -- and this is where filtering phishing sites and blocking port 25 and such makes much more sense, because these users will have a highly degraded experience if they become a botnet drone or some such thing.
If the phishing attack is against an enterprise that is also an ISP, surely you can imagine a case where they might block traffic to prevent folks from being phished. i think it's great that someone is blocking folks from being infected with either malware or giving up their private details improperly. Typically these sites are hacked anyways or something else. I think that keeping the broadest set of people from being phished or compromised is a good thing(tm). Typically a site is cleaned up in a few hours or day or two without trouble. If your communication is that urgent, there are other methods like phone to communicate with the other party. not ideal, but they do exist. - jared