nanog mailing list archives
RE: Internet vulnerabilities
From: "jnelson" <jnelson () rackspace com>
Date: Thu, 4 Jul 2002 15:58:08 -0500
Ah... "More info ?" When all else fails RTFM.

Thanks (non-disgruntled DE?),

J

-----Original Message-----
From: Richard E. Perlotto II [mailto:rperlott () cisco com]
Sent: Thursday, July 04, 2002 3:28 PM
To: 'jnelson'; 'batz'; 'Jason Lewis'
Cc: nanog () merit edu
Subject: RE: Internet vulnerabilities

Actually all the Cisco images have an MD5 hash included on the download page. You can check all of your images versus what is on the web.

The 12.2.8T train also has a built in MD5 checksum for validation.

We are doing what we can to help.

Richard

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of jnelson
Sent: Thursday, July 04, 2002 12:47 PM
To: 'batz'; 'Jason Lewis'
Cc: nanog () merit edu
Subject: RE: Internet vulnerabilities

How about this:

ISP X had its tftp server compromised by a wily hacker who evaded tripwire and covered his tracks well, uploaded some cracked Cisco code (the current release for their GSRs). This code was designed to corrupt the directories and shut down the router at date XX:XX:XX. Each of these affected GSRs, 7--five new roll-outs and 2 upgrades--went down at the same time (save one whose time was not set correctly). Each site had to be driven to, flash cards replaced. ISP X severely crippled for 6 hours. The hacker could have gone the extra leg to have the tftp server expunge the backup configs at the same time--extra couple hours--but did not.

We all download code from Cisco/Juniper/Bay in good faith... when's the last time you saw a signature attached to any of those?

Most security breaches happen from within anyway. A disgruntled DE....

Just a wicked thought.

j

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of batz
Sent: Thursday, July 04, 2002 2:17 PM
To: Jason Lewis
Cc: nanog () merit edu
Subject: Re: Internet vulnerabilities

On Thu, 4 Jul 2002, Jason Lewis wrote:

:What are the real threats to the global Internet?

I realize this seems like nitpicking, but asking what the real risks are might be a more useful question.

The reason I mention this is because the Washington Post report the other day about threats to SCADA systems was blown out of proportion, because it equated the seriousness of the threats with their associated risks.

Yes, most ASN.1 implementations have serious vulnerabilities, welcome to 1988. The ASN.1 vulnerabilities being talked about right now are serious threats, but lower risk than say, millions of unpatched IIS and Apache servers, public exploits and a worm on the loose.

Application level vulnerabilities that have to be patched on a host by host basis, cause a greater risk than say, SNMP vulnerabilities that can be filtered at the gateway, which protects from opportunistic external attacks.

When you talk about threats to the global Internet, there are hundreds of equally serious vulnerabilities of varying risk.

Also, the "global Internet" has many different meanings. It can mean "the ability to send and receive packets on layer 3" or "people being able to conduct business electronically, with some reasonable expectation of the confidentiality, integrity and reliability of their transactions."

So, it all depends on what you mean by the Internet:)

I think this is an extremely important discussion to have on the list, I just think it should be framed in terms of real risks, root causes, and potential solutions.

:I am looking for anything that might be a potential attack point. I don't
:want to start a flame war, but any interesting or even way out there idea
:is welcome.
:
:Is it feasible that a coordinated attack could shutdown the entire net? I
:am not talking DDoS. What if someone actually had the skills to disrupt
:BGP on a widescale?

Once you start thinking about the Internet from a security perspective, you realize there is no "entire net" subject to the sum of its parts in any practical sense. It is a network of networks that serves a continuum of interests, bounded by economics, and driven by porn. ;)

The attack point is anywhere you think will do the most harm to the people you dislike.

If you just want to break something, find serious, easy to exploit, security design limitations in BGP, MPLS, BIND and drive a major global backbone like UUNet into insolvency.

..What? Oh ...Too late.

--
batz
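
Added example (not part of the original thread and not vendor code): the check Richard describes, applied to the scenario jnelson raises, auditing every image staged on a TFTP server against hashes copied from the vendor download page. The file names, contents and the `published` map are constructed placeholders; the assumption is that the reference hashes are obtained out of band, never from the TFTP server itself.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def md5_of(path, chunk=1 << 16):
    """Stream the file so large images are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit_images(image_dir, published):
    """Compare every file in image_dir with the published {name: md5} map.

    Returns {name: status}; status is OK, MISMATCH, UNLISTED (on disk, no
    published hash) or MISSING (published, not on disk).
    """
    report = {}
    on_disk = {p.name: p for p in Path(image_dir).iterdir() if p.is_file()}
    for name, path in on_disk.items():
        expected = published.get(name)
        if expected is None:
            report[name] = "UNLISTED"
        elif hmac.compare_digest(md5_of(path), expected.strip().lower()):
            report[name] = "OK"
        else:
            report[name] = "MISMATCH"
    for name in published.keys() - on_disk.keys():
        report[name] = "MISSING"
    return report


def demo():
    """Constructed sample: file names and contents are placeholders."""
    with tempfile.TemporaryDirectory() as d:
        good, tampered = b"vendor image bytes", b"vendor image bytes+patch"
        Path(d, "image-a.bin").write_bytes(good)
        Path(d, "image-b.bin").write_bytes(tampered)   # replaced on the server
        Path(d, "image-x.bin").write_bytes(b"unknown")  # never published
        published = {  # hashes as copied from the vendor page, out of band
            "image-a.bin": hashlib.md5(good).hexdigest(),
            "image-b.bin": hashlib.md5(good).hexdigest(),
            "image-c.bin": hashlib.md5(b"other").hexdigest(),
        }
        return audit_images(d, published)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A published hash only detects a replaced image when the reference value comes from a channel the attacker does not control; it is an integrity check, not the signature jnelson asks about.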