BGP-based blackholing/hijacking patented in Australia?
Hi,
Just to ease people's concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here: http://www.scamslam.com/ScamSlam/whatis.shtml
We have not disclosed the site address to the "public" at this stage; the text of the site is only in draft form for the purposes of editing and needs to be "polished". Perhaps the article wasn't as articulate in conveying this, but I'm sure you appreciate journalists sometimes don't get it right :)
Kind Regards
Bevan Slattery
PIPE Networks
______________________________________
PIPE Networks/IX Services Australia disclaimer
The above email should be read in conjunction with our standard disclaimer/terms which can be found at: http://www.pipenetworks.com/docs/disclaimer.htm
Sorry, can't find a really good link, but this is what BT have been doing in the UK for a couple of months: http://msnbc.msn.com/id/5158457/
In answer to the critics, what an ISP chooses to do with its traffic *internally* is up to the ISP, and bear in mind you are not suggesting the scope of the service is anything more than an ISP's own network. This is not IP hijacking by any means, more like transparent caching and blacklisting.
Steve
On Fri, 13 Aug 2004, Bevan Slattery wrote:
Hi,
Just to ease people's concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here:
http://www.scamslam.com/ScamSlam/whatis.shtml
We have not disclosed the site address to the "public" at this stage; the text of the site is only in draft form for the purposes of editing and needs to be "polished". Perhaps the article wasn't as articulate in conveying this, but I'm sure you appreciate journalists sometimes don't get it right :)
Kind Regards
Bevan Slattery
PIPE Networks
______________________________________ PIPE Networks/IX Services Australia disclaimer
The above email should be read in conjunction with our standard disclaimer/terms which can be found at:
On Fri, 13 Aug 2004, Bevan Slattery wrote:
Hi,
Just to ease people's concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here:
And based on what I've read, the above has a lot to do with blackholing; I don't see how a patent can be claimed on this system with so many cases of prior work of a similar nature.
On Fri, 13 Aug 2004, Stephen J. Wilcox wrote:
Sorry, can't find a really good link, but this is what BT have been doing in the UK for a couple of months: http://msnbc.msn.com/id/5158457/
In answer to the critics, what an ISP chooses to do with its traffic *internally* is up to the ISP, and bear in mind you are not suggesting the scope of the service is anything more than an ISP's own network. This is not IP hijacking by any means, more like transparent caching and blacklisting.
I agree with the above: it's not hijacking, as far as it does not affect the whole internet and only affects the local ISP that chooses to use such a service. To me this all looks like a transparent firewall which, instead of completely blocking access to an IP, provides redirection to an explanation page. However, usually firewalls have a static setup and are maintained 100% by the sysadmin at the location; here it's letting somebody else control your firewall and allowing them to add new entries there in real time, and I'd be careful in choosing to trust such an external service.
At the same time this all sounds a lot like a real-time DNS blacklist service, and those are widely used: commercial services such as MAPS do exist, as well as numerous non-commercial DNSBLs which are trusted by thousands of ISPs.
Now I hate to be giving advice to a company I do not like (based on their insistence on a patent, and based even more on the answer just given on nanog by the company representative to the post by Mychel Py; the answer said this is a hostile list and chose not to answer ANY of the legitimate concerns cited by Mychel, which was completely inappropriate behavior if they are interested in having this technology and their company seriously considered), but I think what is being proposed could be done better and safer if, instead of being pushed and marketed as a complete block of bad sites, the same or similar technology were marketed as an automated warning for end-users of potentially bad and unsafe websites. The only implementation change needed to do this would be to provide a link from the webpage where the user has been redirected to the original website they wanted to access (it would have to be done by using a proxy service since the IP is not directly available). In such a case, this service, in the case of possibly bad IPs, only functions as an additional warning that the webpage the user wanted to access is considered not to be safe and may be used by phishers (is that the correct term?).
Most users would listen to such a warning and not give any personal information if this was supposed to be a bank website, even if they otherwise would have believed the phishing email. At the same time, if blackholing this site was not correct and the user really does want to go to that website, the person can just click on the link to continue.
--
William Leibzon
Elan Networks
william@elan.net
William,
At 06:15 PM 13/08/2004, william(at)elan.net wrote:
And based on what I've read, the above has a lot to do with blackholing; I don't see how a patent can be claimed on this system with so many cases of prior work of a similar nature.
The service mainly uses the process for which we have made a patent application. The application is regarding that particular process (not blackholing).
I agree with the above: it's not hijacking, as far as it does not affect the whole internet and only affects the local ISP that chooses to use such a service.
The service doesn't use a transparent firewall/proxy, but instead updates routing information by BGP, and that traffic gets sent to/from the system via a tunnel.
here it's letting somebody else control your firewall and allowing them to add new entries there in real time, and I'd be careful in choosing to trust such an external service.
As per above.
At the same time this all sounds a lot like a real-time DNS blacklist service, and those are widely used: commercial services such as MAPS do exist, as well as numerous non-commercial DNSBLs which are trusted by thousands of ISPs.
true.
the answer said this is a hostile list and chose not to answer ANY of the legitimate concerns cited by Mychel, which was completely inappropriate behavior if they are interested in having this technology and their company seriously considered)
It depends on which side you look at it from. I actually respect ISP lists in that if well-considered and measured discussion is able to be undertaken, then they are indeed extremely valuable and very informative. However, in my experience, when someone doesn't have the courtesy to first ask, but instead rants about what they think and not what they know, then any response to such a comment merely inflames the matter to a level where any reasonable discussion/points are drowned out by emotive flame throwing. I decided, as part of my respect for the list and the people who participate within it, that I wouldn't turn it into a flamefest. I can't remember saying that the list is hostile, but I made a somewhat smart remark regarding the hostility from a particular person when I tried to enter some discussion on the issue. A person who, as it appears, got it wrong that the patent is regarding "blackholing", then got it wrong that we were "firewalling", then decided to make some emotive comments that were not very constructive.
For some history as to how/why we did this: I work at PIPE Networks (which stands for Public Internet Protocol Exchange). We are a peering provider in .au - we are actually Australia's largest peering provider, but in the global sense that doesn't mean much :) Being in the internet industry and Australian, we have a propensity to drink beer - and a lot of it. One night about 6 months ago, we hosted an Internet Industry night and quite a few of our biggest customers attended. The topic turned to how much of a "pain in the arse" phishing was for our ISP clients. When we enquired, our clients explained that they receive "requests" from the Australian Federal Police to "take down" phishing attacks. These can be via a number of means: fax, email etc... Now to take down a site, it usually means blackhole. The ISPs didn't like that - but it was their only solution.
You see, in Australia if you knowingly allow a carriage service (which internet transit is) to be used to conduct a crime, then that is a federal offence. So the ISPs were getting faxes and emails saying "block this", "block that". And they would have to. It was discussed over many beers that "we need a central system to do this" - what can PIPE do? So we went away and thought about it. We knew blackholing was not appropriate from an ISP perspective, because the end user clicks on a link and gets an error page. They haven't learnt anything and could fall prey again. Secondly, they usually rang the ISP to say "I am trying to get to my bank site and it gives me an error". So we created a system that uses BGP and tunnels to redirect that traffic and present something at least mildly intelligent to the users.
The next issue we thought of is that we think what we are doing is somewhat unique, because it isn't blackholing, isn't firewalling, isn't a lot of things. So we thought we would look at protecting what we are doing in case some big software/security firm flogs the concept and calls it their own, and they might ask us to pay them money for our idea. Now if we are indeed re-inventing the wheel, then it's not going to fly, simple as that. Besides, if it is such a stupid idea, then no-one is going to use it regardless. So at the end of the day, we are offering an optional service to our customers who may/may not use it, however one that makes their life easier and assists the AFP to distribute the scams other than via fax/email...
Cheers
[b]
BS> Date: Fri, 13 Aug 2004 21:33:33 +1000
BS> From: Bevan Slattery
BS> The service doesn't use a transparent firewall/proxy, but
BS> instead updates routing information by BGP and that traffic
BS> gets sent to/from the system via a tunnel.
Search recent NANOG presentations. Keep an eye out for "Martini Tunnels".
BS> One night about 6 months ago, we hosted an Internet Industry
BS> night and quite a few of our biggest customers attended.
IANAL, but I think this is helpful in establishing the critical date of the claimed.
PIPE appears to have joined Postini in thinking a MITM attack is something new and exotic. I've admittedly not read the entire thread, but Squid+GRE+WCCP comes to mind. That combination has been around more than six months.
Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses:
davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net
Sending mail to spambait addresses is a great way to get blocked.
I've admittedly not read the entire thread, but Squid+GRE+WCCP comes to mind. That combination has been around more than six months.
Yep - WCCPv2 can be BGP triggered via a community. So you can have a bunch of devices (not just web) on a WCCPv2 service group sitting on the edge in standby mode. Kick out a BGP community and you now have traffic heading over to the now-active WCCPv2 service group. The industry has come up with lots of ways to do things like this.
BRG> Date: Fri, 13 Aug 2004 08:01:06 -0700
BRG> From: Barry Raveendran Greene
BRG> Yep - WCCPv2 can be BGP triggered via a community. So you
Speaking of questionable patents...
Eddy
--
EverQuick Internet - http://www.everquick.net/
The service doesn't use a transparent firewall/proxy, but instead updates routing information by BGP, and that traffic gets sent to/from the system via a tunnel.
BGP Shunt to a tunnel has been done by several providers on this list for years. In some cases, it has been used for Lawful Intercept (BGP Shunt down a GRE tunnel). Then there is the BGP Shunt down an MPLS tunnel (the MPLS Shunt). Colt was one of the first to deploy this: http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-eof-fischbach.pdf
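To make the "BGP shunt down a GRE tunnel" that Barry describes (and the community-triggered variant in his earlier reply) concrete, here is an added illustration in Cisco IOS syntax. It is not PIPE's configuration or anything from this thread; the addresses are RFC 5737 documentation ranges, the ASNs are private, and the community value 64512:666 and interface names are assumptions.

```cisco
! Added example (not from the thread): an ISP edge router that learns
! host routes for phishing hosts from a trusted feed peer and shunts
! traffic for them into a GRE tunnel toward a warning/redirect system.
ip bgp-community new-format
!
! GRE tunnel to the redirect system. Replies from that system come back
! through the same tunnel and are forwarded to the customer normally.
interface Tunnel0
 description GRE to phishing-redirect/warning system
 ip address 192.0.2.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 198.51.100.10
!
! The trigger: the feed tags a prefix with 64512:666 (assumed value).
ip community-list standard SCAM-REDIRECT permit 64512:666
!
! Guard rail: honour the trigger only for /32 host routes, so a sloppy
! announcement cannot redirect an entire provider's address block.
ip prefix-list HOST-ROUTES-ONLY seq 5 permit 0.0.0.0/0 ge 32
!
route-map FROM-SCAM-FEED permit 10
 match community SCAM-REDIRECT
 match ip address prefix-list HOST-ROUTES-ONLY
 ! Point the route at the far end of the tunnel: that is the shunt.
 set ip next-hop 192.0.2.2
 ! Win over any other path to the same host, inside this AS only.
 set local-preference 200
 ! Keep the redirect inside our own network, as the thread insists.
 set community no-export additive
!
! Anything else from the feed is dropped rather than installed.
route-map FROM-SCAM-FEED deny 20
!
router bgp 64513
 neighbor 198.51.100.10 remote-as 64512
 neighbor 198.51.100.10 description scam feed (redirect trigger)
 neighbor 198.51.100.10 route-map FROM-SCAM-FEED in
 ! Cap how much an external feed can inject into our table.
 neighbor 198.51.100.10 maximum-prefix 1000
```

Withdrawing the tagged /32 at the feed removes the shunt and traffic to that host resumes its normal path, which is what makes this a routing-based control rather than a static firewall entry.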
Predating this is Bellwether (June 2000): http://www.nanog.org/mtg-0006/hardie.html Specifically: http://www.nanog.org/mtg-0006/ppt/hardie/sld008.htm http://www.nanog.org/mtg-0006/ppt/hardie/sld009.htm -Hank
BGP Shunt to a tunnel has been done by several providers on this list for years. In some cases, it has been used for Lawful Intercept (BGP Shunt down a GRE tunnel).
Then there is the BGP Shunt down an MPLS tunnel (the MPLS Shunt). Colt was one of the first to deploy this:
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-eof-fischbach.pdf
--On 14 August 2004 22:23 +0300 Hank Nussbacher <hank@mail.iucc.ac.il> wrote:
Predating this is Bellwether (June 2000):
Indeed. In days of "yore", when people developed at least marginally non-obvious operational techniques, people sent email to nanog about it, explaining the technique and their experience (hence the NOG bit); the reception wasn't always positive, but at least the criticism was technical. I wonder what the driving factor was for the change. Alex
I do miss the old days of this list, technical growth and global participation in events was exciting...
-her
--- Alex Bligh <alex@alex.org.uk> wrote:
--On 14 August 2004 22:23 +0300 Hank Nussbacher <hank@mail.iucc.ac.il> wrote:
Predating this is Bellwether (June 2000):
Indeed. In days of "yore", when people developed at least marginally non-obvious operational techniques, people sent email to nanog about it, explaining the technique and their experience (hence the NOG bit); the reception wasn't always positive, but at least the criticism was technical. I wonder what the driving factor was for the change.
Alex
The only implementation change needed to do this would be to provide a link from the webpage where the user has been redirected to the original website they wanted to access (it would have to be done by using a proxy service since the IP is not directly available). In such a case, this service, in the case of possibly bad IPs, only functions as an additional warning that the webpage the user wanted to access is considered not to be safe and may be used by phishers (is that the correct term?). Most users would listen to such a warning and not give any personal information if this was supposed to be a bank website, even if they otherwise would have believed the phishing email. At the same time, if blackholing this site was not correct and the user really does want to go to that website, the person can just click on the link to continue.
Transparent banner insertion might be able to do this. Many of the caches out there coded this, but operators ended up not using it.
I like point 13 where you highlight how the system doesn't work. In any case I doubt that this patent is any more valid outside of the blackholing part, and I hope this gets stuck in some lengthy patent legal argument preventing anyone from using it! :-) Why not ask the banks to be responsible net users and protect their customers properly with token-based authentication? Banks in Switzerland have done this successfully.
Regards,
Neil.
Just to ease people's concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here:
http://www.scamslam.com/ScamSlam/whatis.shtml
We have not disclosed the site address to the "public" at this stage; the text of the site is only in draft form for the purposes of editing and needs to be "polished". Perhaps the article wasn't as articulate in conveying this, but I'm sure you appreciate journalists sometimes don't get it right :)
On Fri, Aug 13, 2004, Bevan Slattery wrote:
Hi,
Just to ease people's concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here:
http://www.scamslam.com/ScamSlam/whatis.shtml
We have not disclosed the site address to the "public" at this stage; the text of the site is only in draft form for the purposes of editing and needs to be "polished". Perhaps the article wasn't as articulate in conveying this, but I'm sure you appreciate journalists sometimes don't get it right :)
Bevan,
Would you be willing to export this database as a list of URLs rather than a list of IPs? I, for one, would like to run this on centralised proxy servers and build ACLs for devices such as proxy servers and firewalls. I don't want to speak BGP. A text file - whether it's one line per host, or some well-formatted and documented XML database - would allow people to decide the best way to implement it with their network.
It would be nice if it were hostname vs IP - it both stops the possibility of entire ISPs being wiped out by IP blocks and it also allows us to track the DNS changes as the phishing people start running things in a similar way to the spammers do.
It would also be nice if you were able to include some metadata on what the scam is. It would allow people to choose exactly which to include in our local filters.
Thank you.
Adrian
--
Adrian Chadd <adrian@creative.net.au>
I'm only a fanboy if I emailed Wesley Crusher.
participants (10)
- Adrian Chadd
- Alex Bligh
- Barry Raveendran Greene
- Bevan Slattery
- Edward B. Dreger
- Hank Nussbacher
- Henry Linneweh
- Neil J. McRae
- Stephen J. Wilcox
- william(at)elan.net