nanog mailing list archives
Re: Your router/switch may be less secure than you think
From: Michael Loftis <mloftis () wgops com>
Date: Wed, 03 Aug 2005 12:09:51 -0600
--On August 3, 2005 2:10:10 PM +0100 Michael.Dillon () btradianz com wrote: <...>
Contrary to what some may be worrying about, it it not the GSRs that are most at risk. It is those old 2500's that are connected to your customers. Imagine that one of those customer routers is exploited, the hacker installs a tunnel, and then proceeds to anonymously probe the customer's network. This is the real risk and it may very well be happening right now to one of your customers.
While I hate to possibly give ideas to (real) black hats in a public form but no doubt some have thought of this anyway....injecting routes into BGP to steal traffic. A crafty enough person could move traffic back over a tunnel or series of tunnels to be snooped. Yes, theoretically, it'd be noticed fairly soon, but how quickly is soon enough for $xyz critical application? That worries me more, because it only takes one insecure unfiltered setup (or even partially unfiltered setup) to announce something they shouldn't. Hopefully it wouldn't be global-reaching, but, it could be. How much do you trust your peers? How much should you? How much do you have to? For customers, it's obvious, for transit peers, maybe less so.
Just my two cents worth... <...>
Current thread:
- Your router/switch may be less secure than you think Michael . Dillon (Aug 03)
- Re: Your router/switch may be less secure than you think Robert E . Seastrom (Aug 03)
- Re: Your router/switch may be less secure than you think Michael . Dillon (Aug 03)
- Re: Your router/switch may be less secure than you think Scott Francis (Aug 04)
- Re: Your router/switch may be less secure than you think Joel Jaeggli (Aug 05)
- Re: Your router/switch may be less secure than you think Michael Loftis (Aug 03)
- <Possible follow-ups>
- Re: Your router/switch may be less secure than you think Robert Bonomi (Aug 03)
- Re: Your router/switch may be less secure than you think Robert E . Seastrom (Aug 03)