[73127] in North American Network Operators' Group
RE: BGP-based blackholing/hijacking patented in Australia?
daemon@ATHENA.MIT.EDU (Henry Linneweh)
Fri Aug 13 07:47:23 2004
Date: Fri, 13 Aug 2004 04:46:34 -0700 (PDT)
From: Henry Linneweh <hrlinneweh@sbcglobal.net>
To: Michel Py <michel@arneill-py.sacramento.ca.us>,
Bevan Slattery <bevan@pipenetworks.com>
Cc: nanog@merit.edu
In-Reply-To: <DD7FE473A8C3C245ADA2A2FE1709D90B0DB342@server2003.arneill-py.sacramento.ca.us>
Errors-To: owner-nanog-outgoing@merit.edu
Redirecting is nothing new and has been around for
years; it was never a real problem until Washington
and the media stuck their face into something they
had no clue about, as usual.
I am certain there are ways to prevent redirection and
those should be applied without a congressional
hearing......
-Henry
--- Michel Py <michel@arneill-py.sacramento.ca.us> wrote:
>
> > Bevan Slattery wrote:
> > Just to ease people's concerns, the patent has nothing
> > to do with blackholing. A brief description of the
> > way it works can be found here:
>
> I believe that I am not the only one that is
> concerned precisely because it is _not_ blackholing,
> it is hijacking, no matter how legitimate the
> reason.
>
> <me puts the devil's advocate suit on>
>
> To say it bluntly, it smells a lot like the
> illegitimate offspring of an RBL and Verisign's
> wildcard deal. The phishing con artists redirect the
> unsuspecting mark to a third-party site, and this
> stuff also redirects the unsuspecting mark to
> another page:
>
> > Where is the user re-routed to? If an end user is a victim of a scam
> > and is redirected via the ScamSlam system, then the page they are
> > redirected to is specified by the agency entering the scam data.
>
> Déjà vu: redirect the user's mistakes/stupidity to
> one's own business.
>
> What tells me that the agency is not the back office
> of the phishing scheme in the first place? Same as
> spyware: there is anti-spyware out there that
> deletes all the spyware installed by their
> competitors and conveniently "forgets" to detect or
> fix their own.
>
> And I also do see good opportunity for joe-jobs
> here: get some el-cheapo hosting on the hosting
> server that you want to take down, set up a fake
> phishing web page, then send phishing email and/or
> report the dummy phishing to the agency. The IP gets
> blacklisted and takes down thousands of web sites
> along with the one that bozo paid $10 one-time for.
> Gee, it costs less than a movie and popcorn.
>
> </me puts the devil's advocate suit on>
>
>
> Oh BTW, good luck trying to blacklist a large zombie
> pool that collectively hosts the phishing page and
> individually send their own address and listening
> port in the phishing email. Why phish on a single IP
> when one can phish distributed?
>
> Anyway, what's the difference with blackholing? The
> route-map sets the next-hop to a NAT box that
> dynamically binds the IP addresses contained in the
> BGP feed (instead of setting the next-hop to a
> blackhole)? BFD.
>
> Trying to patent the wheel is not good for
> credibility, nor is using the very same stinky
> methods as the scam artists.
>
> Michel.
>
>