mailing list archives
Re: Tier1 blackholing policy?
From: Darius Jahandarie <djahandarie () gmail com>
Date: Tue, 30 Apr 2013 12:43:39 -0400
On Tue, Apr 30, 2013 at 11:22 AM, Tassos Chatzithomaoglou
<achatz () forthnetgroup gr> wrote:
I think blocking phishing sites vs blocking ddos require a different approach.
I think I agree with this, and I think it can help draw a useful line.
Large DDoS attacks can and do directly affect the service that the
"tier 1" is providing to its customers (namely, moving their bits), so
filtering such attacks seems like a reasonably agreeable thing by
really anyone I think.
Phishing on the other hand will not really stop bits from moving
(except perhaps through rather long chain of unlikely things that'd
have to happen).
The last-mile consumer ISPs don't just "move bits" for their customers
really, its more about providing "internet" (which is a different
concept to normal users) -- and this is where filtering phishing sites
and blocking port 25 and such makes much more sense, because these
users will have a highly degraded experience if they become a botnet
drone or some such thing.
Granted, as Patrick says, "tier 1" isn't really a thing, and they have
a mix of customers, but I think its safe to say that these "tier 1"
providers should apply different policies for different types of
customers, because they are providering different services (even if
the underlying technology is the same/similar).