Re: BGP list of phishing sites?
It's wholly unfair to the innocent parties affected by the blacklisting. i.e. the collateral damage.
maybe so. but it'll happen anyway, because victims often have no recourse that won't inflict collateral damage. the aggregate microscopic damage of this kind is becoming measurable and "statistically interesting".
Say a phishing site is "hosted" by geocities. Should geocities IP addresses be added to the blacklist?
What if it made it onto an akamaized service? Should all of akamai be blacklisted?
you're using terms like "unfair" and "innocent" and "should" in ways that lead me to wonder if we're having two different conversations here. the internet has no government, no constitution, no laws, no rights, no police, no courts. don't talk about fairness or innocence, and don't talk about what should be done. instead, talk about what is being done and what will be done by the amorphous unreachable undefinable blob called "the internet user base." if the cost:benefit is right for an endsystem to blackhole akamai or geocities then they will do it, no matter how unfair anybody else thinks it is, or how innocent other people think akamai/geocities might be, and no matter how much you or anybody may think that something different "should" be done. welcome to the "dog-eat-dog phase." spammers and phishers don't care about what's fair or who's innocent. sean's and chris's employers certainly don't want to be lectured to about what others think "should" be done. the end result is that victims are caring less and less about false positives or collateral damage -- nobody wants to be the last one to stop caring, since the other name for that person is "rube" (or sometimes "dupe".) while i've been keen to criticize sean's and chris's employers here, i do it for entertainment value (my own, and the lurkers who occasionally tell me i owe them a new keyboard because i was unexpectedly funny) and not because i think sean or chris or their employers are wondering what i think they "should" do.
... a) IP addresses that happen to have $nasty at one end of them; or b) IP addresses for whom no abuse desk even gives a response (even "we know, go away") when informed of $nasty. ... Seems to me (b) is, in general, a lot more reasonable than (a) particularly where there is very likely >1 administrative zone per IP address (for example HTTP/1.1). It also better satisfies Paul's criterion of being more likely to engender better behaviour (read: responsibility of network operators for downstream traffic) if behaviour of the reporter is proportionate & targeted.
my sister called me last night to tell me that she was unable to receive mail from southwest airlines, and that her e-ticket was in limbo for some flight somewhere. i checked and sure enough southwest airlines has sent me three or messages per day that i don't want, for most days out of the last six months. since neither southwest nor their ISP was willing to take any responsibility for this unwanted e-mail, i blackholed them, and i guess that means they'll have to fax that e-ticket. or something. it's not my problem. as a victim, i can't let it be my problem. if someone wants their traffic to be accepted then they'll have to maintain a good reputation, which will in the future be automated in various ways including webs of trust/guaranty, forfeitable deposits, micropayments, and "living in better neighborhoods". in that way e-space will catch up to meat-space.
WRT "apply greater sanctions", it is possible of course, though perhaps neither desirable nor scalable, to filter at layer>3 all sites on given IPs to minimize collateral damage. See http://www.theregister.co.uk/2004/06/07/bt_cleanfeed_analysis/
collateral damage is irrelevant now. minimizing it makes the problem worse, maximizing it just costs you in lawyer payments, it's every endsystem for itself now. john gilmore warned me that i was hastening this day when i started the first RBL. i didn't consider it avoidable, then or now. we were both right.
Paul Vixie