nanog mailing list archives

RE: Revealed: The Internet's Biggest Security Hole


From: "Allen Bass" <ABass () arise com>
Date: Wed, 27 Aug 2008 23:04:01 -0400

I'm thinking and afraid that by reading this thread we have opened Pandora's box even further than it was opened!

* * * * * 

Allen Bass
Manager, Technology Operations

Arise Virtual Solutions Inc.
3450 Lakeside Drive, Suite 620
Miramar, Florida  33027
www.arise.com

-----Original Message-----
From: marcus.sachs () verizon com [mailto:marcus.sachs () verizon com] 
Sent: Wednesday, August 27, 2008 10:30 PM
To: algorythm () gmail com
Cc: nanog () merit edu
Subject: Re: Revealed: The Internet's Biggest Security Hole

I'll have to admit that the TTL manipulation was something I had not thought about. But why not?  If you are going to 
purloin EVERY packet then why not re-write byte 8 in every IP header to a value of your choosing? Very cool. 

Marc

------Original Message------
From: Jason Ross
To: Sachs, Marcus H. (Marc)
Cc: Gadi Evron
Cc: nanog () merit edu
Sent: Aug 27, 2008 22:21
Subject: Re: Revealed: The Internet's Biggest Security Hole

On Wed, Aug 27, 2008 at 9:52 PM,  <marcus.sachs () verizon com> wrote:
> Yes, wonderful preso!  My biggest take-away was the fact that the
> vast majority of the attendees did not understand the gravity of the
> demo.

Agreed on both counts: the presentation was great, and largely not
understood it seemed.


hehe
"new". hehe

Maybe something will change now though, it was a great and
impressive presentation, hijacking the defcon network and tweaking
TTL to hide it.


Notably, Alex and Tony both mentioned that the BGP tricks were not new
during the presentation, and commented that it would essentially not be
surprising to anyone that groks routing at the level that most of the
folks on this list do.

What was new though according to their presentation (and it was new to
me certainly, but I'm still fairly green) was the AS Path prepending to
complete the circuit, and as you mentioned, the TTL magicks to hide
the hops.

I was suitably impressed at that.

--
Jason


--------------------------
Marcus H. Sachs
Verizon
202 515 2463

Sent from my BlackBerry
