Security Incidents mailing list archives

Re: Analysis: AboveNet attacks


From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Tue, 2 May 2000 19:19:13 -0700


I'm primarily worried about script-kiddy attacks. In my paper, I outline a
couple simple steps that will make the network immune from script-kiddies.
There is really no excuse for being that open.

In contrast, exposing general topological information doesn't help script
kiddies, and only helps the "elite" intruder. In contrast, this
information provides network management benefits. As an engineer, it really
helps me a lot. I find AboveNet to be probably one of the more engineer-friendly
companies out there. They not only provide status info to the public on
their home page, but lots of private web-page management tools for their
customers. They do lots of boneheaded things, but they also do a bunch of
cool things, too.

I would really hate it if AboveNet cracked down on their openness policy.

Rob.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com] On Behalf Of Richard Bejtlich
Sent: Monday, May 01, 2000 5:15 PM
To: INCIDENTS () securityfocus com
Subject: Re: Analysis: AboveNet attacks

Excellent analysis Robert.  I'm passing your message to my
analysts for their education.

Poking around http://www.above.net/network/network.html ,
it looks like Above.net still lists the IPs you mentioned.
This reminds me of the business/education/etc network
diagrams shown in each issue of Network Computing magazine
(http://www.networkcomputing.com).  This "centerfold" is a
great resource for anyone looking to break into a company --
 why would anyone volunteer their entire topology, albeit
minus IP addresses?

Richard

---

In the case of AboveNet, they actually tell everyone the IP addresses of
their switches. They post to their website map the current status of all
their equipment and Internet connections. They essentially publicize where
to find the equipment and classify it in a well-known category of attacks
that might bring it down.


