North American Network Operators Group

Re: BGP-based blackholing/hijacking patented in Australia?

  • From: Bevan Slattery
  • Date: Fri Aug 13 07:37:08 2004

William,

At 06:15 PM 13/08/2004, william(at)elan.net wrote:
> And based on what I've read, the above has a lot to do with blackholing, I
> don't see how a patent can be claimed on this system with so many cases of
> prior work of similar nature.

The service mainly uses the process of what we have made a patent application. The application is regarding that particular process (not blackholing).

> I agree with above, it's not hijacking as far as it does not affect the
> whole internet and it only affects local ISP that chooses to use such a
> service.

The service doesn't use a transparent firewall/proxy, but instead updates routing information by BGP and that traffic gets sent to/from the system via a tunnel.

> here it's letting somebody else to control
> your firewall and allow to add new entries there in real-time and I'd be
> careful in choosing to trust such external service.

As per above.

> At the same time
> this all sounds a lot like real time dns blacklist service and those
> are widely used and commercial services such as MAPS do exist as well
> as numerous non-commercial dnsbl which are trusted by thousands of ISPs.

True.

> the answer said this is
> hostile list and chosen not to answer ANY of the legitimate concerns
> cited by Mychel, this was completely inappropriate behavior if they are
> interested in having this technology and their company seriously
> considered)

It depends on which side you look at it from. I actually respect ISP lists in that if well considered and measured discussion is able to be undertaken, then they are indeed extremely valuable and very informative. However in my experience, when someone doesn't have the courtesy to first ask, but instead rants about what they think and not what they know, then any response to such a comment, merely inflames the matter to a level where any reasonable discussion/points are drowned out by emotive flame throwing.

I decided, as part of my respect to the list and the people who participate within it, that I wouldn't turn it into a flamefest. I can't remember saying that the list is hostile, but made a somewhat smart remark regarding the hostility from a particular person when I tried to enter some discussion on the issue. A person, who as it appears got it wrong that the patent is regarding "blackholing" then got it wrong that we were "firewalling" then decided to make some emotive comments that were not very constructive.

For some history as to how/why we did this:

I work at PIPE Networks (which stands for Public Internet Protocol Exchange). We are a peering provider in .au - we are actually Australia's largest peering provider, but in the global sense that doesn't mean much :)

Being in the internet industry and Australian, we have a propensity to drink beer - and a lot of it. One night about 6 months ago, we hosted an Internet Industry night and quite a few of our biggest customers attended. The topic turned to how much of a "pain in the arse" phishing was for our ISP clients. When we enquired, our clients explained that they receive "requests" from the Australian Federal Police to "take down" phishing attacks. These can be via a number of means: fax, email etc... Now to take down a site, it usually means blackhole. The ISPs didn't like that - but it was their only solution. You see, in Australia if you knowingly allow a carriage service (which internet transit is) to be used to conduct a crime, then that is a federal offence. So the ISPs were getting faxes and emails saying "block this" "block that". And they would have to.

It was discussed over many beers, that "we need a central system to do this" what can PIPE do. So we went away and thought about it. We knew blackholing was not appropriate from an ISP perspective, because the end user clicks on a link and gets an error page. They haven't learnt anything and could fall prey again. Secondly, they usually rang the ISP to say "I am trying to get to my bank site and it gives me an error".

So we created a system that uses BGP and tunnels to redirect that traffic and present something at least mildly intelligent to the users. The next issue we thought of is that we think what we are doing is somewhat unique, because it isn't blackholing, isn't firewalling, isn't a lot of things.

So we thought we would look at protecting what we are doing in case some big software/security firm flogs the concept and calls it their own and they might ask us to pay them money for our idea. Now if we are indeed re-inventing the wheel, then it's not going to fly, simple as that. Besides, if it is such a stupid idea, then no-one is going to use it regardless.

So at the end of the day, we are offering an optional service to our customers who may/may not use it, however one that makes their life easier and assists the AFP to distribute the scams other than via fax/email...

Cheers

[b]