BGP-based blackholing/hijacking patented in Australia?

william(at)elan.net william at elan.net
Fri Aug 13 08:15:22 UTC 2004



On Fri, 13 Aug 2004, Bevan Slattery wrote:
> > 
> > Hi,
> > 
> > Just to ease peoples concerns, the patent has nothing to do with 
> > blackholing.  A brief description of the way it works can be found here:
> > 
> > http://www.scamslam.com/ScamSlam/whatis.shtml

And based on what I've read, the above has a lot to do with blackholing, I 
don't see how patent can be claimed on this system with so many cases of 
prior work of similar nature.

On Fri, 13 Aug 2004, Stephen J. Wilcox wrote:

> sorry cant find a really good link, this is what BT have been doing in the UK 
> for a couple months:
> http://msnbc.msn.com/id/5158457/
> 
> In answer to the critics, what an ISP chooses to do with its traffic
> *internally* is up to the ISP, and bear in mind you are not suggesting 
> the scope of the service is anything more than an ISPs own network. This 
> is not IP hijacking by any means, more like transparent caching and 
> blacklisting.

I agree with above, its not hijacking as far as it does not effect the 
whole internet and it only effects local ISP that chooses to use such a 
service. To me this all looks like a transparent firewall, which instead
of completely blocking access to ip, provides redirection to explanation 
page. However usually firewalls have static setup and maintained 100%
by sysadmin at the location, here its letting somebody else to control
your firewall and allow to add new entries there in real-time and I'd be
carefull in choosing to trust such external service. At the same time
this all sounds a lot like real time dns blacklist service and those
are widely used and commerical services such as MAPS do exist as well
as numerious non-commercial dnsbl which are trusted by thousands of ISPs.

Now I hate to be giving advice to company I do not like (based on their
insistance of patent and based even more on the answer just given on nanog
by company representative to post by Mychel Py; the answer said this is 
hostile list and chosen not to answer ANY of the legitimate concerns
sited by Mychel, this was completely inappropriate behavior if they are 
insterested in having this technology and their company seriously 
considered), but I think what is being proposed could be done better
and safer if instead of being pushed and marketed as complete block of
bad sites, the same or similar technology is marketed as automated warning
for end-users of potentially bad and unsafe websites.

The only imlementation change to do this would be to provide a link from 
the webpage where user might have been redirected to the original website 
they wanted to access (it would have to be done by using proxy service
since ip is not directly available). In such a case, this service in case 
of possibly bad ips only functions as an additional warning that webpage
user wanted to access is considered not to be safe and may be used by 
phishers (is that correct term?). Most users would listen to such a 
warning and not give any of personal information if this was to be a 
bank website if they otherwise would have believed the phishing email.
At the same time, if blackholing this site was not correct and user
really does want to go to that website, person can just click on the
link to continue.

-- 
William Leibzon
Elan Networks
william at elan.net




More information about the NANOG mailing list