North American Network Operators Group


RE: BGP-based blackholing/hijacking patented in Australia?

  • From: Henry Linneweh
  • Date: Fri Aug 13 07:50:15 2004

Redirecting is nothing new and has been around for
years, it was never a real problem until Washington
and the media stuck their face into something they
had no clue about, as usual. 

I am certain there are ways to prevent redirection and
those should be applied without a congressional
hearing......

-Henry



--- Michel Py <[email protected]>
wrote:

> 
> > Bevan Slattery wrote:
> > Just to ease people's concerns, the patent has nothing
> > to do with blackholing.  A brief description of the
> > way it works can be found here:
> 
> I believe that I am not the only one that is
> concerned precisely because it is _not_ blackholing,
> it is hijacking, no matter how legitimate the
> reason.
> 
> <me puts the devil's advocate suit on>
> 
> To say it bluntly, it smells a lot like the
> illegitimate offspring of an RBL and Verisign's
> wildcard deal. The phishing con artists redirect the
> unsuspecting mark to a third-party site, and this
> stuff also redirects the unsuspecting mark to
> another page:
> 
> > Where is the user re-routed to? If an end user is a victim of a scam
> > and is redirected via the ScamSlam system, then the page they are
> > redirected to is specified by the agency entering the scam data.
> 
> Déjà vu: redirect the user's mistakes/stupidity to
> one's own business.
> 
> What tells me that the agency is not the back office
> of the phishing scheme in the first place? Same as
> spyware: there is anti-spyware out there that
> deletes all the spyware installed by their
> competitors and conveniently "forgets" to detect or
> fix their own.
> 
> And I also do see good opportunity for joe-jobs
> here: get some el-cheapo hosting on the hosting
> server that you want to take down, set up a fake
> phishing web page, then send phishing email and/or
> report the dummy phishing to the agency. The IP gets
> blacklisted and takes down thousands of web sites
> along with the one that bozo paid $10 one-time for.
> Gee, it costs less than a movie and popcorn.
> 
> </me puts the devil's advocate suit on>
> 
> 
> Oh BTW, good luck trying to blacklist a large zombie
> pool that collectively hosts the phishing page and
> individually send their own address and listening
> port in the phishing email. Why phish on a single IP
> when one can phish distributed?
> 
> Anyway, what's the difference with blackholing? The
> route-map sets the next-hop to a NAT box that
> dynamically binds the IP addresses contained in the
> BGP feed (instead of setting the next-hop to a
> blackhole)? BFD.
> 
> Trying to patent the wheel is not good for
> credibility, nor is using the very same stinky
> methods as the scam artists.
> 
> Michel.
> 
>