Redirecting is nothing new and has been around for years, it was never a real problem until washington and the media stuck their face into something they had no clue about, as usual. I am certain there are ways to prevent redirection and those should be applied without a congressional hearing...... -Henry --- Michel Py <michel@arneill-py.sacramento.ca.us> wrote:
Bevan Slattery wrote: Just to ease peoples concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here:
I believe that I am not the only one that is concerned precisely because it is _not_ blackholing, it is hijacking, no matter how legitimate the reason.
<me puts the devil's advocate suit on>
To say it bluntly, it smells a lot like the illegitimate offspring of an RBL and Verisign's wildcard deal. The phishing con artists redirect the unsuspecting mark to a third-party site, and this stuff also redirects the unsuspecting mark to another page:
Where is the user re-routed to? If an end user is a victim of a scam and is redirected via the ScamSlam system, then the page they are redirected to is specified by the agency entering the scam data.
D�j� vu: redirect the user's mistakes/stupidity to one's own business.
What tells me that the agency is not the back office of the phishing scheme in the first place? Same as spyware: there is anti-spyware out there that deletes all the spyware installed by their competitors and conveniently "forgets" to detect or fix their own.
And I also do see good opportunity for joe-jobs here: get some el-cheapo hosting on the hosting server that you want to take down, setup a fake phishing web page, then send phishing email and/or report the dummy phishing to the agency. The IP gets blacklisted and takes down thousands of web sites along with the one that bozo paid $10 one-time for. Gee, it costs less than a movie and popcorn.
</me puts the devil's advocate suit on>
Oh BTW, good luck trying to blacklist a large zombie pool that collectively hosts the phishing page and individually send their own address and listening port in the phishing email. Why phish on a single IP when one can phish distributed?
Anyway, what's the difference with blackholing? The route-map sets the next-hop to a NAT box that dynamically binds the IP addresses contained in the BGP feed (instead of setting the next-hop to a blackhole)? BFD.
Trying to patent the wheel is not good for credibility, nor is using the very same stinky methods as the scam artists.
Michel.