nanog mailing list archives
Re: Phishing and BGP Blackholing
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 03 Jan 2007 15:35:30 +0100
* Neil J. McRae:
I didn't see the original post but the topic came up in 2005 here in the UK as the banks here wanted to use BGP filtering in the same light. The LINX prepared a paper on the issues with BGP blackholing and recommended that if the banks want to trade on the Internet that they should introduce authentication systems that are fit for purpose (SecureID for example (many banks had already done this)).
Banks have deployed much more secure systems than SecureID, and there have been successful attacks against them. SecureID might be helpful if you want to differentiate your product between automatic and manual use, but it doesn't do anything to authenticate the party you are relaying information to. But it's useless in a phishing context. If you want a token solution, at least use something that factors in transaction-related data.
Current thread:
- Phishing and BGP Blackholing Joy, Dylan (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Travis H. (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Travis H. (Jan 02)
- Re: Phishing and BGP Blackholing Randy Bush (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- RE: Phishing and BGP Blackholing Neil J. McRae (Jan 03)
- Re: Phishing and BGP Blackholing Florian Weimer (Jan 03)
- RE: Phishing and BGP Blackholing Neil J. McRae (Jan 03)
- Re: Phishing and BGP Blackholing Travis H. (Jan 17)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 02)
- Re: Phishing and BGP Blackholing Mark Foster (Jan 02)
- Re: Phishing and BGP Blackholing Rich Kulawiec (Jan 03)
- on a different "manners" topic, was Re: Phishing... Edward Lewis (Jan 03)
- Re: on a different "manners" topic, was Re: Phishing... Justin M. Streiner (Jan 03)
- Re: Phishing and BGP Blackholing Mark Foster (Jan 03)
- Re: Phishing and BGP Blackholing Joseph S D Yao (Jan 03)
- Re: Phishing and BGP Blackholing Mark Foster (Jan 03)
- Re: Phishing and BGP Blackholing Alexander Harrowell (Jan 04)