Revealed: The Internet's well known BGP behavior
karnaugh at karnaugh.za.net
Thu Aug 28 01:26:48 CDT 2008
On 2008/08/28 06:45 AM Hank Nussbacher wrote:
> They didn't have control of any routers other than their own. What they
> had to find is a single clueless upstream ISP that would allow them to
> announce prefixes that didn't belong to them.
Leaving aside the ability blackhole prefixes that don't belong to you,
they seem to harp on the part of being able to intercept traffic.
Personally I don't trust GBLX (sorry) or whoever with my traffic any
more than a random hacker who is rerouting the traffic. That's why
things like SSL were invented. Yes, with that much control even SSL
can technically be broken but if there was ever a pretext of complete
trust about the possibilities of snooping on traffic then encryption
wouldn't need to exist.
Ultimately though, the detailed work that needs to go into pulling
something like that off would make it quite hard not to leave a trail
somewhere. Also, it's still far easier to just pop a trojan onto a few
Shameless media hyperbole anyway... I think they saw the DNS people
getting their 10 minutes of fame and wanted their own :)
More information about the NANOG