[73116] in North American Network Operators' Group


RE: BGP-based blackholing/hijacking patented in Australia?

daemon@ATHENA.MIT.EDU (Michel Py)
Fri Aug 13 02:31:46 2004

Date: Thu, 12 Aug 2004 23:30:53 -0700
From: "Michel Py" <michel@arneill-py.sacramento.ca.us>
To: "Bevan Slattery" <bevan@pipenetworks.com>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu


> Bevan Slattery wrote:
> Just to ease people's concerns, the patent has nothing
> to do with blackholing.  A brief description of the
> way it works can be found here:

I believe that I am not the only one that is concerned precisely because
it is _not_ blackholing, it is hijacking, no matter how legitimate the
reason.

<me puts the devil's advocate suit on>

To say it bluntly, it smells a lot like the illegitimate offspring of an
RBL and Verisign's wildcard deal. The phishing con artists redirect the
unsuspecting mark to a third-party site, and this stuff also redirects
the unsuspecting mark to another page:

> Where is the user re-routed to? If an end user is a victim of a scam
> and is redirected via the ScamSlam system, then the page they are
> redirected to is specified by the agency entering the scam data.

Déjà vu: redirect the user's mistakes/stupidity to one's own
business.

What tells me that the agency is not the back office of the phishing
scheme in the first place? Same as spyware: there is anti-spyware out
there that deletes all the spyware installed by their competitors and
conveniently "forgets" to detect or fix their own.

And I also do see good opportunity for joe-jobs here: get some el-cheapo
hosting on the hosting server that you want to take down, set up a fake
phishing web page, then send phishing email and/or report the dummy
phishing to the agency. The IP gets blacklisted and takes down thousands
of web sites along with the one that bozo paid $10 one-time for. Gee, it
costs less than a movie and popcorn.

</me puts the devil's advocate suit on>


Oh BTW, good luck trying to blacklist a large zombie pool that
collectively hosts the phishing page and individually sends its own
address and listening port in the phishing email. Why phish on a single
IP when one can phish distributed?

Anyway, what's the difference with blackholing? The route-map sets the
next-hop to a NAT box that dynamically binds the IP addresses contained
in the BGP feed (instead of setting the next-hop to a blackhole)? BFD.

Trying to patent the wheel is not good for credibility, nor is using the
very same stinky methods as the scam artists.

Michel.
