Dailydave mailing list archives
Re: tubes clogged
From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 29 Dec 2008 11:06:20 -0600
On Mon, 29 Dec 2008, Jared DeMott wrote:
Alexander Sotirov wrote:I hereby grant the security community permission to freely speculate about the details of our latest research: http://events.ccc.de/congress/2008/Fahrplan/track/Hacking/3023.en.html The best guess will win a special T-Shirt! Take care, AlexAn attack that leverages overrun routing queues to reroute traffic to a network of choice?
I'm thinking an attack that causes BGP peers (glue of the internet) to go through a cascading flapping mechanism forcing them to continuously dampen each other till they keep breaking adjacency with each other. EG: R1 = 10.10.10.1 R2 = 10.11.12.1 R3 = 10.12.13.1 R1 is peered with R2 R2 is peered with R3 As R2 (spoofed): Fragment R1 randomly appearing as R2 R2 has the potential to flap, if it does flap and R1 is configured (im)properly, it will ignore R2 until it gets its act in order. During the initial flap a penalty is given which exponentially grows. During the time of R2's appearance of flapping, R3 if sending through R2 to get through to R1 will also ignore that path. http://www.ietf.org/rfc/rfc2439.txt http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-wed-flap-damping.pdf Anyhow, so imagine a mesh of flapping routers all ignoring each other, one after the other. I thought about something like this a while ago and modified a lame tool a while back, but never put the theory to practice. Besides I didn't have an Internet to play with ;) =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP "Enough research will tend to support your conclusions." - Arthur Bloch "A conclusion is the place where you got tired of thinking" - Arthur Bloch 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- tubes clogged Alexander Sotirov (Dec 29)
- Re: tubes clogged Jared DeMott (Dec 29)
- Re: tubes clogged J. Oquendo (Dec 29)
- Re: tubes clogged Can Erkin Acar (Dec 29)
- Re: tubes clogged Jess Kitchen (Dec 29)
- Re: tubes clogged J. Oquendo (Dec 29)
- Re: tubes clogged H D Moore (Dec 29)
- Re: tubes clogged Petja van der Lek (Dec 29)
- Re: tubes clogged Fyodor (Dec 29)
- Re: tubes clogged Jess Kitchen (Dec 29)
- Re: tubes clogged Thorsten Holz (Dec 30)
- Re: tubes clogged dan (Dec 30)
- Re: tubes clogged Paul Melson (Dec 30)
- Re: tubes clogged Petja van der Lek (Dec 29)
- Re: tubes clogged Jared DeMott (Dec 29)