On Sun, 27 Jun 2004, Scott Call wrote:
Happy Sunday nanogers...
I was doing some follow up reading on the "js.scob.trojan", the latest "hole big enough to drive a truck through" exploit for Internet Explorer.
One of the things the article mentioned is that ISP/NSPs are shutting off access to the web site in Russia where the malware is being downloaded from.
Now we've done this in the past when a known target of a DDOS was upcoming or a known website hosted part of a malware package, and it is fairly effective in stopping the problems.
So what I was curious about is would there be interest in a BGP feed (like the DNSBLs used to be) to null route known malicious sites like that?
Don't reinvent the wheel: www.cymru.com has a project already under way for this, with many operators participating at this time.