Re: key change for TCP-MD5

[David Barak <thegameiam () yahoo com>]

--- Ross Callon <rcallon () juniper net> wrote:

> Another potential attack is an attempt to insert
> information
> into a BGP session, such as to introduce bogus
> routes, or
> to even become a "man in the middle" of a BGP
> session. One
> issue that worries me about this is that if this
> allows routing to
> be compromised, then I can figure out how to make
> money off
> of this (and if I can think of it, someone even
> nastier will probably
> also think of this). Of course this would be much
> more difficult to
> pull off, and might require viewing packets between
> routers to pull
> off, but if pulled off and not quickly detected
> could be unfortunate.

But it's safe to say that it would be a lot easier to
crack a router itself than to unobtrusively insert
useful false information, or if the ISP's routers are
sufficiently hardened, it would be easier to crack a
customer (or peer)'s router, and use that for the
injection.  

The same mechanisa which can detect bogus prefixes
from a peer/customer can detect them from a hijacked
session.  The cost/benefit ratio is better for
securing the routers themselves.

-David

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com