http://www.news.com.au/common/story_page/0,4057,9975753%255E1702,00.html
-Henry

--- Scott Call <[EMAIL PROTECTED]> wrote:
>
> Happy Sunday nanogers...
>
> I was doing some follow-up reading on the "js.scob.trojan", the latest
> "hole big enough to drive a truck through" exploit for Internet Explorer.
>
> One of the things the article mentioned is that ISP/NSPs are shutting off
> access to the web site in Russia where the malware is being downloaded
> from.
>
> Now we've done this in the past when a known target of a DDOS was upcoming
> or a known website hosted part of a malware package, and it is fairly
> effective in stopping the problems.
>
> So what I was curious about is would there be interest in a BGP feed (like
> the DNSBLs used to be) to null route known malicious sites like that?
>
> Obviously, both operational guidelines, and trust of the operator would
> have to be established, but I was thinking it might be useful for a few
> purposes:
>
> 1> IP addresses of well known sources of malicious code (like in the
> example above)
> 2> DDOS mitigation (ISP/NSP can request a null route of a prefix which
> will save the "Internet at large" as well as the NSP from the traffic
> flood)
> 3> etc
>
> Since the purpose of this list would be to identify and mitigate large
> scale threats, things like spammers, etc would be outside of its charter.
>
> If anyone thinks this is a good (or bad) idea, please let me know.
> Obviously it's not fully cooked yet, but I wanted to throw it out there.
>
> Thanks
> -Scott