funsec mailing list archives
Re: BGP: The Internet's Biggest Security Hole
From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 27 Aug 2008 02:34:42 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Ferguson wrote:
Via Threat Level.

[snip]

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.

The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network. Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can't always vacuum in traffic within a network -- say, from one AT&T customer to another.

[snip]
( Yawn! Old news -- at least security time-scale wise. Received SoK DVDs from BH/DC already -- it's that old! )

So, I presume you were not at Defcon? Talk was a packed crowd. It was a great talk.

I agree that BGP is THE big issue that remains to have a real workable fix. (Maybe the next NANOG should have a big BGP signing party?)

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki09YEACgkQUVxQRc85QlOMqACeKMJMMVeZKg5VV01VsJ1P+F9N
lnkAn2fosbfT6+7EpAiOf+2RbaJHyTLA
=Frz7
-----END PGP SIGNATURE-----
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- BGP: The Internet's Biggest Security Hole Paul Ferguson (Aug 26)
- Re: BGP: The Internet's Biggest Security Hole Jon Kibler (Aug 27)
- <Possible follow-ups>
- Re: BGP: The Internet's Biggest Security Hole Paul Ferguson (Aug 26)
- Re: BGP: The Internet's Biggest Security Hole Gadi Evron (Aug 27)
- Re: BGP: The Internet's Biggest Security Hole Valdis . Kletnieks (Aug 27)
- Re: BGP: The Internet's Biggest Security Hole Gadi Evron (Aug 27)