[funsec] BGP: The Internet's Biggest Security Hole

Jon Kibler Jon.Kibler at aset.com
Wed Aug 27 01:34:42 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Ferguson wrote:
> Via Threat Level.
> 
> [snip]
> 
> Two security researchers have demonstrated a new technique to stealthily
> intercept internet traffic on a scale previously presumed to be unavailable
> to anyone outside of intelligence agencies like the National Security
> Agency.
> 
> The tactic exploits the internet routing protocol BGP (Border Gateway
> Protocol) to let an attacker surreptitiously monitor unencrypted internet
> traffic anywhere in the world, and even modify it before it reaches its
> destination.
> 
> The demonstration is only the latest attack to highlight fundamental
> security weaknesses in some of the internet's core protocols. Those
> protocols were largely developed in the 1970s with the assumption that
> every node on the then-nascent network would be trustworthy. The world was
> reminded of the quaintness of that assumption in July, when researcher Dan
> Kaminsky disclosed a serious vulnerability in the DNS system. Experts say
> the new demonstration targets a potentially larger weakness.
> 
> The man-in-the-middle attack exploits BGP to fool routers into re-directing
> data to an eavesdropper's network.
> 
> Anyone with a BGP router (ISPs, large corporations or anyone with space at
> a carrier hotel) could intercept data headed to a target IP address or
> group of addresses. The attack intercepts only traffic headed to target
> addresses, not from them, and it can't always vacuum in traffic within a
> network -- say, from one AT&T customer to another.
> 
> [snip]

( Yawn! Old news -- at least security time-scale wise. Received SoK DVDs
from BH/DC already -- its that old! )

So, I presume you were not at Defcon? Talk was a packed crowd.

It was a great talk. I agree that BGP is THE big issue that remains to
have a real workable fix. (Maybe the next NANOG should have a big BGP
signing party?)

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki09YEACgkQUVxQRc85QlOMqACeKMJMMVeZKg5VV01VsJ1P+F9N
lnkAn2fosbfT6+7EpAiOf+2RbaJHyTLA
=Frz7
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the funsec mailing list