An email was sent to the NANOG list on June 29th (http://seclists.org/nanog/2016/Jun/850) listing IP’s ASN’s and domains that were allegedly serving up ransom ware and malware. Ransomware is becoming an ever growing issue. If an ISP knows that a host is hosting a bot that is running ransomware are they ethically required to null route any traffic to and from those IP’s? Should they contact law enforcement? What about if you are an ISP should you null route traffic to the IP’s listed?
Leave a comment