RE: BGP-based blackholing/hijacking patented in Australia?
Bevan Slattery wrote: Just to ease people's concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here:
I believe that I am not the only one that is concerned precisely because it is _not_ blackholing, it is hijacking, no matter how legitimate the reason.
<me puts the devil's advocate suit on>
To say it bluntly, it smells a lot like the illegitimate offspring of an RBL and Verisign's wildcard deal. The phishing con artists redirect the unsuspecting mark to a third-party site, and this stuff also redirects the unsuspecting mark to another page:
Where is the user re-routed to? If an end user is a victim of a scam and is redirected via the ScamSlam system, then the page they are redirected to is specified by the agency entering the scam data.
Déjà vu: redirect the user's mistakes/stupidity to one's own business.
What tells me that the agency is not the back office of the phishing scheme in the first place? Same as spyware: there is anti-spyware out there that deletes all the spyware installed by their competitors and conveniently "forgets" to detect or fix their own.
And I also do see good opportunity for joe-jobs here: get some el-cheapo hosting on the hosting server that you want to take down, set up a fake phishing web page, then send phishing email and/or report the dummy phishing to the agency. The IP gets blacklisted and takes down thousands of web sites along with the one that bozo paid $10 one-time for. Gee, it costs less than a movie and popcorn.
</me puts the devil's advocate suit on>
Oh BTW, good luck trying to blacklist a large zombie pool that collectively hosts the phishing page and individually send their own address and listening port in the phishing email. Why phish on a single IP when one can phish distributed?
Anyway, what's the difference with blackholing? The route-map sets the next-hop to a NAT box that dynamically binds the IP addresses contained in the BGP feed (instead of setting the next-hop to a blackhole)? BFD.
Trying to patent the wheel is not good for credibility, nor is using the very same stinky methods as the scam artists.
Michel.
Redirecting is nothing new and has been around for years; it was never a real problem until Washington and the media stuck their face into something they had no clue about, as usual. I am certain there are ways to prevent redirection and those should be applied without a congressional hearing......
-Henry
--- Michel Py <michel@arneill-py.sacramento.ca.us> wrote:
Bevan Slattery wrote: Just to ease people's concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here:
I believe that I am not the only one that is concerned precisely because it is _not_ blackholing, it is hijacking, no matter how legitimate the reason.
<me puts the devil's advocate suit on>
To say it bluntly, it smells a lot like the illegitimate offspring of an RBL and Verisign's wildcard deal. The phishing con artists redirect the unsuspecting mark to a third-party site, and this stuff also redirects the unsuspecting mark to another page:
Where is the user re-routed to? If an end user is a victim of a scam and is redirected via the ScamSlam system, then the page they are redirected to is specified by the agency entering the scam data.
Déjà vu: redirect the user's mistakes/stupidity to one's own business.
What tells me that the agency is not the back office of the phishing scheme in the first place? Same as spyware: there is anti-spyware out there that deletes all the spyware installed by their competitors and conveniently "forgets" to detect or fix their own.
And I also do see good opportunity for joe-jobs here: get some el-cheapo hosting on the hosting server that you want to take down, set up a fake phishing web page, then send phishing email and/or report the dummy phishing to the agency. The IP gets blacklisted and takes down thousands of web sites along with the one that bozo paid $10 one-time for. Gee, it costs less than a movie and popcorn.
</me puts the devil's advocate suit on>
Oh BTW, good luck trying to blacklist a large zombie pool that collectively hosts the phishing page and individually send their own address and listening port in the phishing email. Why phish on a single IP when one can phish distributed?
Anyway, what's the difference with blackholing? The route-map sets the next-hop to a NAT box that dynamically binds the IP addresses contained in the BGP feed (instead of setting the next-hop to a blackhole)? BFD.
Trying to patent the wheel is not good for credibility, nor is using the very same stinky methods as the scam artists.
Michel.
Participants (2): Henry Linneweh, Michel Py