North American Network Operators Group

Re: BGP list of phishing sites?

  • From: Paul Vixie
  • Date: Mon Jun 28 01:16:41 2004

> > So what I was curious about is would there be interest in a BGP feed 
> > (like the DNSBLs used to be) to null route known malicious sites like 
> > that?

i dunno much about this new-fangled "DNSBL" thing you speak of, but the
original MAPS RBL is still alive and well and available by BGP.  the fine
folks now running MAPS include Dave Rand (my co-founder) and if you visit
their web site (www.mail-abuse.org) you can probably figure out how to
sign up for it.  there's a fee involved, but there are lawyers involved,
and those two things seem to come in pairs.

> I'm sure there is; but I'm slightly worried that transit networks may 
> be tempted to subscribe to such a feed and in essence start censoring 
> their customers' access to the net.

we (speaking for the original MAPS which i still had a hand in operating)
faced that from most bgp-subscribing customers.  there are easy workarounds.

> Also, an "easy fix" like this may lower the pressure on the parties who
> are really responsible for allowing this to happen: the makers of
> insecure software / insecure operational procedures (banks!) and gullible
> users.

actually, a bgp feed of this kind tends to supply the "missing causal vector"
whereby someone who does something sloppy or bad ends up suffering for it.

> Fixing layer 7+ problems at layer 3 just doesn't work and leads to 
> significant collateral damage in the long run.

that's what everybody always said about MAPS but it didn't happen.  the
internet is very survivable and the necessary traffic always finds a way
to get through.  fixing layer >7 problems by denying layer 3 service has
indeed proven to be the only way to get remote CEOs to care (or notice).
-- 
Paul Vixie