RE: BGP-based blackholing/hijacking patented in Australia?

Thu, 12 Aug 2004 07:12:46 -0700 

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just to set the history straight - so it is on the record. RTBH -
Remote Triggered Black Hole filtering reemerged as a key security
reaction tool when two things happened:

1. When Chris Morrow and Brian Gemberling shared their Backscatter
Traceback technique with the world.
http://www.secsup.org/Tracking/

2. When we - Cisco - created uRPF Loose Check to allow for source
based RTBH
(see attached for lots of my links)

My first use of RTBH - what Pipe is saying they invented - was back
in 1991 to stop an attack on a network I was operating. It was a
technique taught to me from someone at JVNCnet. I'm not sure who that
person was - but Steve Johnson - who worked at JVNCnet at that time
and was later my boss confirmed that they were using RTBH every now
and then.

Also note that at least one of the anti-SPAM solutions have used RTBH
for years. MAPS (http://www.mail-abuse.com/) started in 1996.

So it really surprises me that "Pipe has applied for a patent." 

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Niels Bakker
> Sent: Thursday, August 12, 2004 3:11 AM
> To: [EMAIL PROTECTED]
> Subject: BGP-based blackholing/hijacking patented in Australia?
> 
> 
> 
> http://australianit.news.com.au/articles/0,7204,10394549%5E153
> 06%5E%5Enbv%5E,00.html
> 2004-08-10 (via InfoAnarchy)
> 
> "Pipe has applied for a patent for its method of blocking 
> access to  deceptive websites linked to fraudulent emails 
> that direct users to  fake bank websites to capture bank 
> account and password details. [..] "Pipe Networks managing 
> director Bevan Slattery said Pipe had been  testing a method 
> of enabling banks, ISPs and law enforcement agencies  to 
> notify Pipe of new phishing emails. "Pipe could then 
> distribute updated internet routing information to ISPs  via 
> the border gateway protocol, so internet users could not 
> reach the  fraudulent website."
> 
> The implications of this are scary.  Hijacking of IP space by 
> a private company, supported by the government?
> 
> 
>       -- Niels.
> 
> -- 
> Today's subliminal thought is: 
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQRt6x7/UEA/xivvmEQIMDwCgu728Asqpb5hJAC/PwJVzMJfPsW4AoNtu
y9Bg5VAUS8f3lqheCknRCrRx
=gB4B
-----END PGP SIGNATURE-----
 
====================== NEW Materials =========================

Powersession on Core Security  (4-6 May 2004)
        http://www.ciscoeventreg.net/go/networkers/agenda9.lasso

CPN Summit SP Security Materials (April 2004)
        ftp://ftp-eng.cisco.com/cons/isp/security/CPN-Summit-2004/


====================== Public Materials ========================

SP Security Materials
----------------------

Public On-Line ISP Security Bootcamp - Singapore Summer 2003

http://www.getitmm.com/bootcampflash/launch.html

Sign-On:

http://palomar.getitmm.com/bootcamp/

Much of the materials presented in the ISP Security Bootcamp builds on and assumes a 
basic understanding of the principles in the ISP Essentials materials. This whitepaper 
is now a book - ISP Essentials which can be purchased through Cisco Press 
(http://www.ciscopress.com/) or through another on-line book store. The supplements 
for the book along with the tutorials, workshops, and bootcamps presented by Philip 
and I are at: 

      ftp://ftp-eng.cisco.com/cons/

or 

        http://www.ispbook.com


TEAM CYMRU Templates and Tools
------------------------------

Team CYMRU provides configuration templates, security templates, and other services to 
help make the Internet a safer place to network. These can be found at:

        http://www.cymru.com/


The Original Backscattered Traceback and Customer Triggered Remote Triggered Black 
Hole Techniques
-------------------------------------------------------------------------------------------------

http://www.secsup.org/Tracking/
http://www.secsup.org/CustomerBlackHole/


What is a BOTNET?
-----------------

One of the best write ups is from a freeware tool gone commercial (I guess so they can 
scale).

http://swatit.org/bots/index.html


BGP 'Attack Tree' - Realities of BGP Security
-------------------------------------------

Cisco's CIAG Team moves beyond the armchair hypothesizing of BGP Security Risk and 
runs test again the industry's multiple implementations of BGP

http://wwwin-people.cisco.com/sean/ciag-bgp-blackhatv2.pdf


Communities of People Working Together to Mitigate Miscreant Activities
-----------------------------------------------------------------------

+ Distributed Detection Systems Individuals and Organizations can Participate:

        Dshield -  www.dshield.org
        My Netwatchman - www.mynetwatchman.com


NANOG SP Security Seminars and Talks
-------------------------------------

The NANOG Coordination Committee actively works to product sessions and seminars to 
help foster security on the Internet. All sessions are taped and converted to VOD for 
all to use for their personal education. Over time, this effort has generated a 
valuable On-Line Tutorial for engineers and organzations seeking to learn more about 
running a more secure network.


NANOG Security Tutorial Series

Tutorial: Implementing a Secure Network Infrastructure (Part I)
        http://www.nanog.org/mtg-0310/kaeo.html

Tutorial: ISP Security - Real World Techniques I - Remote Triggered Black Hole 
Filtering and Backscatter Traceback.
        http://www.nanog.org/mtg-0110/greene.html

Tutorial: ISP Security - Real World Techniques II - Secure the CPE Edge
        http://www.nanog.org/mtg-0210/ispsecure.html

Tutorial: ISP Security: Deploying and Using Sinkholes
        http://www.nanog.org/mtg-0306/sink.html

Tutorial: Deploying IP Anycast
        http://www.nanog.org/mtg-0310/miller.html


NANOG Security Sessions


Watching Your Router Configurations and Detecting Those Exciting Little Changes
        http://www.nanog.org/mtg-0310/rancid.html

Building a Web of Trust
        http://www.nanog.org/mtg-0310/abley.html

The Relationship Between Network Security and Spam
        http://www.nanog.org/mtg-0310/spam.html

Simple Router Security, What Every ISP Router Engineer Should Know and Practice
        http://www.nanog.org/mtg-0310/routersec.html

Flawed Routers Flood University of Wisconsin Internet Time Server
        http://www.nanog.org/mtg-0310/plonka.html

Trends in Denial of Service Attack Technology
        http://www.nanog.org/mtg-0110/cert.html

Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word 
Out?
`       http://www.nanog.org/mtg-0110/moore.html

DoS Attacks in the Real World
        http://www.nanog.org/mtg-0110/irc.html

Diversion & Sieving Techniques to Defeat DDoS
        http://www.nanog.org/mtg-0110/afek.html

DNS Damage - Measurements at a Root Server
        http://www.nanog.org/mtg-0202/evi.html

Protecting the BGP Routes to Top Level DNS Servers
        http://www.nanog.org/mtg-0206/bush.html

BGP Security Update
        http://www.nanog.org/mtg-0206/barry.html

Industry/Government Infrastructure Vulnerability Assessment: Background and 
Recommendations
        http://www.nanog.org/mtg-0206/avi.html

A National Strategy to Secure Cyberspace
        http://www.nanog.org/mtg-0210/sachs.html

How to 0wn the Internet in Your Spare Time
        http://www.nanog.org/mtg-0210/vern.html

ISP Security BOF I
        http://www.nanog.org/mtg-0210/securebof.html

The Spread of the Sapphire/Slammer Worm
        http://www.nanog.org/mtg-0302/weaver.html

ISP Security BOF II
        http://www.nanog.org/mtg-0302/securebof.html

The BGP TTL Security Hack
        http://www.nanog.org/mtg-0302/hack.html

Security Considerations for Network Architecture
        http://www.nanog.org/mtg-0302/avi.html

Lack of Priority Queuing on Route Processors Considered Harmful
        http://www.nanog.org/mtg-0302/gill.html

Interception Technology: The Good, The Bad, and The Ugly!
        http://www.nanog.org/mtg-0306/schiller.html

The NIAC Vulnerability Disclosure Framework and What It Might Mean to the ISP Community
        http://www.nanog.org/mtg-0306/duncan.html

Inter-Provider Coordination for Real-Time Tracebacks
        http://www.nanog.org/mtg-0306/moriarity.html


ISP Security BOF III
        http://www.nanog.org/mtg-0306/securitybof.html

S-BGP/soBGP Panel: What Do We Really Need and How Do We Architect a Compromise to Get 
It?
        http://www.nanog.org/mtg-0306/sbgp.html

BGP Vulnerability Testing: Separating Fact from FUD
        http://www.nanog.org/mtg-0306/franz.html

BGP Attack Trees - Real World Examples
        http://www.nanog.org/mtg-0306/hares.html

NRIC Best Practices for ISP Security
        http://www.nanog.org/mtg-0306/callon.html


RIPE-46 NSP Security BoF
------------------------

RIPE-46 BoF: NSP-SEC (Hank Nussbacher) 
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-nsp-sec.pdf

IRT Object in the RIPE Database (Ulrich Kiermayr) 
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-irt.pdf

Operational Security Requirements (George M. Jones) 
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-techsec-ops-security.pdf

Infrastructure Security (Nicholas Fischbach) 
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-fischbach.pdf


===================== End Public Materials =========================

Reply via email to