[73090] in North American Network Operators' Group
RE: BGP-based blackholing/hijacking patented in Australia?
daemon@ATHENA.MIT.EDU (Barry Raveendran Greene)
Thu Aug 12 10:11:54 2004
From: "Barry Raveendran Greene" <bgreene@cisco.com>
To: <bgreene@cisco.com>
Date: Thu, 12 Aug 2004 07:12:35 -0700
In-Reply-To: <20040812101030.GC74928@snowcrash.tpb.net>
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_00DD_01C4803B.C493E8B0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Just to set the history straight - so it is on the record. RTBH -
Remote Triggered Black Hole filtering reemerged as a key security
reaction tool when two things happened:
1. When Chris Morrow and Brian Gemberling shared their Backscatter
Traceback technique with the world.
http://www.secsup.org/Tracking/
2. When we - Cisco - created uRPF Loose Check to allow for source
based RTBH
(see attached for lots of my links)
My first use of RTBH - what Pipe is saying they invented - was back
in 1991 to stop an attack on a network I was operating. It was a
technique taught to me from someone at JVNCnet. I'm not sure who that
person was - but Steve Johnson - who worked at JVNCnet at that time
and was later my boss confirmed that they were using RTBH every now
and then.
Also note that at least one of the anti-SPAM solutions have used RTBH
for years. MAPS (http://www.mail-abuse.com/) started in 1996.
So it really surprises me that "Pipe has applied for a patent."
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
> Behalf Of Niels Bakker
> Sent: Thursday, August 12, 2004 3:11 AM
> To: nanog@merit.edu
> Subject: BGP-based blackholing/hijacking patented in Australia?
>
>
>
> http://australianit.news.com.au/articles/0,7204,10394549%5E153
> 06%5E%5Enbv%5E,00.html
> 2004-08-10 (via InfoAnarchy)
>
> "Pipe has applied for a patent for its method of blocking
> access to deceptive websites linked to fraudulent emails
> that direct users to fake bank websites to capture bank
> account and password details. [..] "Pipe Networks managing
> director Bevan Slattery said Pipe had been testing a method
> of enabling banks, ISPs and law enforcement agencies to
> notify Pipe of new phishing emails. "Pipe could then
> distribute updated internet routing information to ISPs via
> the border gateway protocol, so internet users could not
> reach the fraudulent website."
>
> The implications of this are scary. Hijacking of IP space by
> a private company, supported by the government?
>
>
> -- Niels.
>
> --
> Today's subliminal thought is:
>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQRt6x7/UEA/xivvmEQIMDwCgu728Asqpb5hJAC/PwJVzMJfPsW4AoNtu
y9Bg5VAUS8f3lqheCknRCrRx
=gB4B
-----END PGP SIGNATURE-----
------=_NextPart_000_00DD_01C4803B.C493E8B0
Content-Type: text/plain;
name="SP Security Links.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="SP Security Links.txt"
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D NEW =
Materials =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
Powersession on Core Security (4-6 May 2004)
http://www.ciscoeventreg.net/go/networkers/agenda9.lasso
CPN Summit SP Security Materials (April 2004)
ftp://ftp-eng.cisco.com/cons/isp/security/CPN-Summit-2004/
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
Public Materials =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
SP Security Materials
----------------------
Public On-Line ISP Security Bootcamp - Singapore Summer 2003
http://www.getitmm.com/bootcampflash/launch.html
Sign-On:
http://palomar.getitmm.com/bootcamp/
Much of the materials presented in the ISP Security Bootcamp builds on =
and assumes a basic understanding of the principles in the ISP =
Essentials materials. This whitepaper is now a book - ISP Essentials =
which can be purchased through Cisco Press (http://www.ciscopress.com/) =
or through another on-line book store. The supplements for the book =
along with the tutorials, workshops, and bootcamps presented by Philip =
and I are at:=20
ftp://ftp-eng.cisco.com/cons/
or=20
http://www.ispbook.com
TEAM CYMRU Templates and Tools
------------------------------
Team CYMRU provides configuration templates, security templates, and =
other services to help make the Internet a safer place to network. These =
can be found at:
http://www.cymru.com/
The Original Backscattered Traceback and Customer Triggered Remote =
Triggered Black Hole Techniques
-------------------------------------------------------------------------=
------------------------
http://www.secsup.org/Tracking/
http://www.secsup.org/CustomerBlackHole/
What is a BOTNET?
-----------------
One of the best write ups is from a freeware tool gone commercial (I =
guess so they can scale).
http://swatit.org/bots/index.html
BGP 'Attack Tree' - Realities of BGP Security
-------------------------------------------
Cisco's CIAG Team moves beyond the armchair hypothesizing of BGP =
Security Risk and runs test again the industry's multiple =
implementations of BGP
http://wwwin-people.cisco.com/sean/ciag-bgp-blackhatv2.pdf
Communities of People Working Together to Mitigate Miscreant Activities
-----------------------------------------------------------------------
+ Distributed Detection Systems Individuals and Organizations can =
Participate:
Dshield - www.dshield.org
My Netwatchman - www.mynetwatchman.com
NANOG SP Security Seminars and Talks
-------------------------------------
The NANOG Coordination Committee actively works to product sessions and =
seminars to help foster security on the Internet. All sessions are taped =
and converted to VOD for all to use for their personal education. Over =
time, this effort has generated a valuable On-Line Tutorial for =
engineers and organzations seeking to learn more about running a more =
secure network.
NANOG Security Tutorial Series
Tutorial: Implementing a Secure Network Infrastructure (Part I)
http://www.nanog.org/mtg-0310/kaeo.html
Tutorial: ISP Security - Real World Techniques I - Remote Triggered =
Black Hole Filtering and Backscatter Traceback.
http://www.nanog.org/mtg-0110/greene.html
Tutorial: ISP Security - Real World Techniques II - Secure the CPE Edge
http://www.nanog.org/mtg-0210/ispsecure.html
Tutorial: ISP Security: Deploying and Using Sinkholes
http://www.nanog.org/mtg-0306/sink.html
Tutorial: Deploying IP Anycast
http://www.nanog.org/mtg-0310/miller.html
NANOG Security Sessions
Watching Your Router Configurations and Detecting Those Exciting Little =
Changes
http://www.nanog.org/mtg-0310/rancid.html
Building a Web of Trust
http://www.nanog.org/mtg-0310/abley.html
The Relationship Between Network Security and Spam
http://www.nanog.org/mtg-0310/spam.html
Simple Router Security, What Every ISP Router Engineer Should Know and =
Practice
http://www.nanog.org/mtg-0310/routersec.html
Flawed Routers Flood University of Wisconsin Internet Time Server
http://www.nanog.org/mtg-0310/plonka.html
Trends in Denial of Service Attack Technology
http://www.nanog.org/mtg-0110/cert.html
Recent Internet Worms: Who Are the Victims, and How Good Are We at =
Getting the Word Out?
` http://www.nanog.org/mtg-0110/moore.html
DoS Attacks in the Real World
http://www.nanog.org/mtg-0110/irc.html
Diversion & Sieving Techniques to Defeat DDoS
http://www.nanog.org/mtg-0110/afek.html
DNS Damage - Measurements at a Root Server
http://www.nanog.org/mtg-0202/evi.html
Protecting the BGP Routes to Top Level DNS Servers
http://www.nanog.org/mtg-0206/bush.html
BGP Security Update
http://www.nanog.org/mtg-0206/barry.html
Industry/Government Infrastructure Vulnerability Assessment: Background =
and Recommendations
http://www.nanog.org/mtg-0206/avi.html
A National Strategy to Secure Cyberspace
http://www.nanog.org/mtg-0210/sachs.html
How to 0wn the Internet in Your Spare Time
http://www.nanog.org/mtg-0210/vern.html
ISP Security BOF I
http://www.nanog.org/mtg-0210/securebof.html
The Spread of the Sapphire/Slammer Worm
http://www.nanog.org/mtg-0302/weaver.html
ISP Security BOF II
http://www.nanog.org/mtg-0302/securebof.html
The BGP TTL Security Hack
http://www.nanog.org/mtg-0302/hack.html
Security Considerations for Network Architecture
http://www.nanog.org/mtg-0302/avi.html
Lack of Priority Queuing on Route Processors Considered Harmful
http://www.nanog.org/mtg-0302/gill.html
Interception Technology: The Good, The Bad, and The Ugly!
http://www.nanog.org/mtg-0306/schiller.html
The NIAC Vulnerability Disclosure Framework and What It Might Mean to =
the ISP Community
http://www.nanog.org/mtg-0306/duncan.html
Inter-Provider Coordination for Real-Time Tracebacks
http://www.nanog.org/mtg-0306/moriarity.html
ISP Security BOF III
http://www.nanog.org/mtg-0306/securitybof.html
S-BGP/soBGP Panel: What Do We Really Need and How Do We Architect a =
Compromise to Get It?
http://www.nanog.org/mtg-0306/sbgp.html
BGP Vulnerability Testing: Separating Fact from FUD
http://www.nanog.org/mtg-0306/franz.html
BGP Attack Trees - Real World Examples
http://www.nanog.org/mtg-0306/hares.html
NRIC Best Practices for ISP Security
http://www.nanog.org/mtg-0306/callon.html
RIPE-46 NSP Security BoF
------------------------
RIPE-46 BoF: NSP-SEC (Hank Nussbacher)=20
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-nsp=
-sec.pdf
IRT Object in the RIPE Database (Ulrich Kiermayr)=20
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-irt=
.pdf
Operational Security Requirements (George M. Jones)=20
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-techsec-op=
s-security.pdf
Infrastructure Security (Nicholas Fischbach)=20
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-fis=
chbach.pdf
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D End =
Public Materials =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
------=_NextPart_000_00DD_01C4803B.C493E8B0--
