Re: BGP list of phishing sites?

[Patrick W Gilmore <patrick () ianai net>]

On Jun 28, 2004, at 6:24 PM, Iljitsch van Beijnum wrote:

> On 28-jun-04, at 18:47, Paul Vixie wrote:
>
> > the root cause of network abuse is humans and human behaviour, not
> > hardware or software or corporations or corporate behaviour.  if most
> > people weren't sheep-like, they would pay some attention to the 
> > results
> > of their actions and inactions.
>
> It's easy to blame the user, and usually they deserve it, even if 
> they're innocent this time they're guilty of something else. But if 
> software is created in such a way that regular users manage to screw 
> up consistently, maybe the software can be improved rather than the 
> user chastised?

Software definitely needs to improve.

However, if you mailed out an attachment with the subject "this is a 
virus, do not click on it", encrypted it and put the password in the 
body, the virus would still spread like wildfire.

Never underestimate the power of human stupidity.

Which is why blacklists that depend on the ISP to continually train 
"lusers" or risk disconnectivity for non-stupid users  may not be the 
right approach.  People who run such ISPs CANNOT train all lusers all 
the time.  And the alternative is to not have end-user ISPs (i.e. not 
an option).

Or maybe that is the way to go.  I really don't know at this point.

But I do know if I were still running an ISP, I would instantly filter 
any user / host / netblock proven to be infected / C&C / phishing site 
/ etc.  And I would not subscribe to any blacklist which had entries 
for non "bad" IPs.

As I Am Not An ISP, I can only vote with my dollars.

Your network, your decision.  My dollars, my decision.  And I buy a lot 
of bandwidth.... :)

--
TTFN,
patrick