Home page logo

nanog logo nanog mailing list archives

Re: Tier1 blackholing policy?
From: Jared Mauch <jared () puck nether net>
Date: Tue, 30 Apr 2013 12:47:40 -0400

On Apr 30, 2013, at 12:43 PM, Darius Jahandarie <djahandarie () gmail com> wrote:

I think I agree with this, and I think it can help draw a useful line.

Large DDoS attacks can and do directly affect the service that the
"tier 1" is providing to its customers (namely, moving their bits), so
filtering such attacks seems like a reasonably agreeable thing by
really anyone I think.

Phishing on the other hand will not really stop bits from moving
(except perhaps through rather long chain of unlikely things that'd
have to happen).

The last-mile consumer ISPs don't just "move bits" for their customers
really, its more about providing "internet" (which is a different
concept to normal users) -- and this is where filtering phishing sites
and blocking port 25 and such makes much more sense, because these
users will have a highly degraded experience if they become a botnet
drone or some such thing.

If the phishing attack is against an enterprise that is also an ISP, surely you can imagine a case where they might 
block traffic to prevent folks from being phished.

i think it's great that someone is blocking folks from being infected with either malware or giving up their private 
details improperly.

Typically these sites are hacked anyways or something else.  I think that keeping the broadest set of people from being 
phished or compromised is a good thing(tm).  Typically a site is cleaned up in a few hours or day or two without 
trouble.  If your communication is that urgent, there are other methods like phone to communicate with the other party. 
 not ideal, but they do exist.

- jared

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]