What if a whitebox is hacked, and the intruder can inject new IP addresses and get hold of traffic content? There are a lot of things one could do with that...
----- Original Message ----
From: Fredy Kuenzler kuenzler@init7.net
Cc: swinog@swinog.ch
Sent: Wednesday, December 10, 2008 2:05:53 PM
Subject: Re: [swinog] Netclean - news
Markus Wild wrote:
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we ran into exactly those problems...
From http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
Netclean Whitebox works in two stages: 1. The list of suspicious IP addresses is fed into the routing table via BGP4. Currently that is around 450 IP addresses. Traffic from these websites is redirected to the Whitebox. 2. DNS or HTTP inspection takes place on the Whitebox, which is thus able to distinguish between illegal and harmless content that happens to reside at the same IP address.
F.
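
The two-stage decision quoted above, modelled as an added example that is not part of the original thread and not Netclean's code: stage 1 matches the destination against blacklist host routes, stage 2 inspects the HTTP Host and path of diverted requests. The addresses, hostnames, function names and the pass-through handling of non-HTTP traffic are assumptions made for illustration; redirection is modelled for traffic toward a listed address, which is what a route acts on.

```python
import ipaddress

# Constructed sample data (documentation address ranges, made-up hostnames).
BLACKLIST_ROUTES = {ipaddress.ip_network("192.0.2.10/32")}  # stage 1: host routes learned via BGP
BLOCKED_URLS = {("bad.example", "/illegal/")}                 # stage 2: (Host, path prefix) entries

def stage1_diverted(dst_ip):
    """True if the destination matches a blacklist route and is sent to the inspection box."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in BLACKLIST_ROUTES)

def parse_http_request(raw):
    """Return (host, path) from a raw HTTP/1.x request, or None if it is not parseable HTTP."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        _method, path, version = request_line.split(" ")
        if not version.startswith("HTTP/"):
            return None
    except (UnicodeDecodeError, ValueError):
        return None
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            # Drop an optional :port suffix and normalise case.
            return value.strip().lower().split(":")[0], path
    return None

def decide(dst_ip, payload):
    """Verdict for one flow: direct, block, forward, or forward-uninspected."""
    if not stage1_diverted(dst_ip):
        return "direct"                 # never reaches the inspection box
    parsed = parse_http_request(payload)
    if parsed is None:
        # Assumption: traffic that is not HTTP (e.g. SMTP on the same IP)
        # is passed through unchanged rather than dropped.
        return "forward-uninspected"
    host, path = parsed
    if any(host == h and path.startswith(p) for h, p in BLOCKED_URLS):
        return "block"
    return "forward"                    # co-hosted, harmless site on the same IP

if __name__ == "__main__":
    req = b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    print(decide("192.0.2.10", req))
```

Only the stage 2 match produces a block; a blackhole route would instead drop every flow for which `stage1_diverted` is true, which is the co-hosting problem raised in the question.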