North American Network Operators Group

Re: BGP list of phishing sites? Website behind Net attack offline

  • From: Henry Linneweh
  • Date: Sun Jun 27 19:05:35 2004

http://www.news.com.au/common/story_page/0,4057,9975753%255E1702,00.html

-Henry

--- Scott Call <[email protected]> wrote:
> 
> Happy Sunday nanogers...
> 
> I was doing some follow up reading on the "js.scob.trojan", the latest
> "hole big enough to drive a truck through" exploit for Internet
> Explorer.
> 
> One of the things the article mentioned is that ISP/NSPs are shutting
> off access to the web site in Russia where the malware is being
> downloaded from.
> 
> Now we've done this in the past when a known target of a DDOS was
> upcoming or a known website hosted part of a malware package, and it
> is fairly effective in stopping the problems.
> 
> So what I was curious about is would there be interest in a BGP feed
> (like the DNSBLs used to be) to null route known malicious sites like
> that?
> 
> Obviously, both operational guidelines, and trust of the operator
> would have to be established, but I was thinking it might be useful
> for a few purposes:
> 
> 1> IP addresses of well known sources of malicious code (like in the
>    example above)
> 2> DDOS mitigation (ISP/NSP can request a null route of a prefix which
>    will save the "Internet at large" as well as the NSP from the
>    traffic flood)
> 3> etc
> 
> Since the purpose of this list would be to identify and mitigate large
> scale threats, things like spammers, etc would be outside of its
> charter.
> 
> If anyone thinks this is a good (or bad) idea, please let me know.
> Obviously it's not fully cooked yet, but I wanted to throw it out
> there.
> 
> Thanks
> -Scott
>