Date: Thu, 12 Aug 2004 07:12:35 -0700
From: Barry Raveendran Greene
To: bgreene
Message-Id: <00dc01c48076$70f2c0b0$4513180a@amer.cisco.com>
In-Reply-To: <20040812101030.GC74928@snowcrash.tpb.net>
Subject: [Oz-ISP] RE: BGP-based blackholing/hijacking patented in Australia?

Just to set the history straight - so it is on the record. RTBH -
Remote Triggered Black Hole filtering reemerged as a key security
reaction tool when two things happened:

1. When Chris Morrow and Brian Gemberling shared their Backscatter
Traceback technique with the world.
http://www.secsup.org/Tracking/

2. When we - Cisco - created uRPF Loose Check to allow for source
based RTBH
(see attached for lots of my links)

My first use of RTBH - what Pipe is saying they invented - was back
in 1991 to stop an attack on a network I was operating. It was a
technique taught to me from someone at JVNCnet. I'm not sure who that
person was - but Steve Johnson - who worked at JVNCnet at that time
and was later my boss confirmed that they were using RTBH every now
and then.

Also note that at least one of the anti-SPAM solutions has used RTBH
for years. MAPS (http://www.mail-abuse.com/) started in 1996.

So it really surprises me that "Pipe has applied for a patent."

> -----Original Message-----
> From: o w n e r - n a n o g @ m e r i t . e d u [m a i l t o : o w n e r - n a n o g @ m e r i t . e d u On
> Behalf Of Niels Bakker
> Sent: Thursday, August 12, 2004 3:11 AM
> To: n a n o g @ m e r i t . e d u
> Subject: BGP-based blackholing/hijacking patented in Australia?
>
>
>
> http://australianit.news.com.au/articles/0,7204,10394549%5E15306%5E%5Enbv%5E,00.html
> 2004-08-10 (via InfoAnarchy)
>
> "Pipe has applied for a patent for its method of blocking
> access to  deceptive websites linked to fraudulent emails
> that direct users to  fake bank websites to capture bank
> account and password details. [..] "Pipe Networks managing
> director Bevan Slattery said Pipe had been  testing a method
> of enabling banks, ISPs and law enforcement agencies  to
> notify Pipe of new phishing emails. "Pipe could then
> distribute updated internet routing information to ISPs  via
> the border gateway protocol, so internet users could not
> reach the  fraudulent website."
>
> The implications of this are scary.  Hijacking of IP space by
> a private company, supported by the government?
>
>
>         -- Niels.
>
> --
> Today's subliminal thought is:
>


Attachment: SP Security Links.txt

====================== NEW Materials =========================


Powersession on Core Security  (4-6 May 2004)
        http://www.ciscoeventreg.net/go/networkers/agenda9.lasso

CPN Summit SP Security Materials (April 2004)
        ftp://ftp-eng.cisco.com/cons/isp/security/CPN-Summit-2004/


====================== Public Materials ========================

SP Security Materials
----------------------

Public On-Line ISP Security Bootcamp - Singapore Summer 2003

http://www.getitmm.com/bootcampflash/launch.html

Sign-On:

http://palomar.getitmm.com/bootcamp/

Much of the materials presented in the ISP Security Bootcamp builds on
and assumes a basic understanding of the principles in the ISP
Essentials materials. This whitepaper is now a book - ISP Essentials -
which can be purchased through Cisco Press (http://www.ciscopress.com/)
or through another on-line book store. The supplements for the book
along with the tutorials, workshops, and bootcamps presented by Philip
and I are at:

      ftp://ftp-eng.cisco.com/cons/

or

        http://www.ispbook.com


TEAM CYMRU Templates and Tools
------------------------------

Team CYMRU provides configuration templates, security templates, and
other services to help make the Internet a safer place to network. These
can be found at:

        http://www.cymru.com/


The Original Backscattered Traceback and Customer Triggered Remote Triggered Black Hole Techniques
-------------------------------------------------------------------------------------------------

http://www.secsup.org/Tracking/
http://www.secsup.org/CustomerBlackHole/


What is a BOTNET?
-----------------

One of the best write ups is from a freeware tool gone commercial (I
guess so they can scale).

http://swatit.org/bots/index.html


BGP 'Attack Tree' - Realities of BGP Security
-------------------------------------------

Cisco's CIAG Team moves beyond the armchair hypothesizing of BGP
Security Risk and runs tests against the industry's multiple
implementations of BGP

http://wwwin-people.cisco.com/sean/ciag-bgp-blackhatv2.pdf


Communities of People Working Together to Mitigate Miscreant Activities
-----------------------------------------------------------------------

+ Distributed Detection Systems Individuals and Organizations can Participate:

        Dshield -  www.dshield.org
        My Netwatchman - www.mynetwatchman.com


NANOG SP Security Seminars and Talks
-------------------------------------

The NANOG Coordination Committee actively works to produce sessions and
seminars to help foster security on the Internet. All sessions are taped
and converted to VOD for all to use for their personal education. Over
time, this effort has generated a valuable On-Line Tutorial for
engineers and organizations seeking to learn more about running a more
secure network.


NANOG Security Tutorial Series

Tutorial: Implementing a Secure Network Infrastructure (Part I)
        http://www.nanog.org/mtg-0310/kaeo.html

Tutorial: ISP Security - Real World Techniques I - Remote Triggered Black Hole Filtering and Backscatter Traceback.
        http://www.nanog.org/mtg-0110/greene.html

Tutorial: ISP Security - Real World Techniques II - Secure the CPE Edge
        http://www.nanog.org/mtg-0210/ispsecure.html

Tutorial: ISP Security: Deploying and Using Sinkholes
        http://www.nanog.org/mtg-0306/sink.html

Tutorial: Deploying IP Anycast
        http://www.nanog.org/mtg-0310/miller.html


NANOG Security Sessions


Watching Your Router Configurations and Detecting Those Exciting Little Changes
        http://www.nanog.org/mtg-0310/rancid.html

Building a Web of Trust
        http://www.nanog.org/mtg-0310/abley.html

The Relationship Between Network Security and Spam
        http://www.nanog.org/mtg-0310/spam.html

Simple Router Security, What Every ISP Router Engineer Should Know and Practice
        http://www.nanog.org/mtg-0310/routersec.html

Flawed Routers Flood University of Wisconsin Internet Time Server
        http://www.nanog.org/mtg-0310/plonka.html

Trends in Denial of Service Attack Technology
        http://www.nanog.org/mtg-0110/cert.html

Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out?
        http://www.nanog.org/mtg-0110/moore.html

DoS Attacks in the Real World
        http://www.nanog.org/mtg-0110/irc.html

Diversion & Sieving Techniques to Defeat DDoS
        http://www.nanog.org/mtg-0110/afek.html

DNS Damage - Measurements at a Root Server
        http://www.nanog.org/mtg-0202/evi.html

Protecting the BGP Routes to Top Level DNS Servers
        http://www.nanog.org/mtg-0206/bush.html

BGP Security Update
        http://www.nanog.org/mtg-0206/barry.html

Industry/Government Infrastructure Vulnerability Assessment: Background and Recommendations
        http://www.nanog.org/mtg-0206/avi.html

A National Strategy to Secure Cyberspace
        http://www.nanog.org/mtg-0210/sachs.html

How to 0wn the Internet in Your Spare Time
        http://www.nanog.org/mtg-0210/vern.html

ISP Security BOF I
        http://www.nanog.org/mtg-0210/securebof.html

The Spread of the Sapphire/Slammer Worm
        http://www.nanog.org/mtg-0302/weaver.html

ISP Security BOF II
        http://www.nanog.org/mtg-0302/securebof.html

The BGP TTL Security Hack
        http://www.nanog.org/mtg-0302/hack.html

Security Considerations for Network Architecture
        http://www.nanog.org/mtg-0302/avi.html

Lack of Priority Queuing on Route Processors Considered Harmful
        http://www.nanog.org/mtg-0302/gill.html

Interception Technology: The Good, The Bad, and The Ugly!
        http://www.nanog.org/mtg-0306/schiller.html

The NIAC Vulnerability Disclosure Framework and What It Might Mean to the ISP Community
        http://www.nanog.org/mtg-0306/duncan.html

Inter-Provider Coordination for Real-Time Tracebacks
        http://www.nanog.org/mtg-0306/moriarity.html


ISP Security BOF III
        http://www.nanog.org/mtg-0306/securitybof.html

S-BGP/soBGP Panel: What Do We Really Need and How Do We Architect a Compromise to Get It?
        http://www.nanog.org/mtg-0306/sbgp.html

BGP Vulnerability Testing: Separating Fact from FUD
        http://www.nanog.org/mtg-0306/franz.html

BGP Attack Trees - Real World Examples
        http://www.nanog.org/mtg-0306/hares.html

NRIC Best Practices for ISP Security
        http://www.nanog.org/mtg-0306/callon.html


RIPE-46 NSP Security BoF
------------------------

RIPE-46 BoF: NSP-SEC (Hank Nussbacher)
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-nsp-sec.pdf

IRT Object in the RIPE Database (Ulrich Kiermayr)
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-irt.pdf

Operational Security Requirements (George M. Jones)
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-techsec-ops-security.pdf

Infrastructure Security (Nicholas Fischbach)
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-nspbof-fischbach.pdf


===================== End Public Materials =========================

