funsec mailing list archives

Re: BGP: The Internet's Biggest Security Hole


From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 27 Aug 2008 02:34:42 -0400


Paul Ferguson wrote:
Via Threat Level.

[snip]

Two security researchers have demonstrated a new technique to stealthily
intercept internet traffic on a scale previously presumed to be unavailable
to anyone outside of intelligence agencies like the National Security
Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway
Protocol) to let an attacker surreptitiously monitor unencrypted internet
traffic anywhere in the world, and even modify it before it reaches its
destination.

The demonstration is only the latest attack to highlight fundamental
security weaknesses in some of the internet's core protocols. Those
protocols were largely developed in the 1970s with the assumption that
every node on the then-nascent network would be trustworthy. The world was
reminded of the quaintness of that assumption in July, when researcher Dan
Kaminsky disclosed a serious vulnerability in the DNS system. Experts say
the new demonstration targets a potentially larger weakness.

The man-in-the-middle attack exploits BGP to fool routers into re-directing
data to an eavesdropper's network.

Anyone with a BGP router (ISPs, large corporations or anyone with space at
a carrier hotel) could intercept data headed to a target IP address or
group of addresses. The attack intercepts only traffic headed to target
addresses, not from them, and it can't always vacuum in traffic within a
network -- say, from one AT&T customer to another.

[snip]

( Yawn! Old news -- at least security time-scale wise. Received SoK DVDs
from BH/DC already -- it's that old! )

So, I presume you were not at Defcon? Talk was a packed crowd.

It was a great talk. I agree that BGP is THE big issue that remains to
have a real workable fix. (Maybe the next NANOG should have a big BGP
signing party?)

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253





