Speaking of taking down the internet

blitz blitz at macronet.net
Tue Jul 2 07:07:40 UTC 2002


Just a FYI folks....from one of the hacker lists I'm on...


>Speaking of taking down the internet
>
> > Extra points for only needing to affect one device and having that device
> > successfully spread the payload to every other device as a part of it's
> > routine network communications. Think you can't cross boundaries between
> > different chipsets as implemented by different vendors (i.e. Cisco exploit
> > code which wouldn't presumably work on Foundry gear)? Think again. Think
> > polymorphic multi-architecture assembly. Think stuff that we were doing for
> > fun in a hotel room at Defcon two years ago.
>
>Heh. That's fucking evil, Dan. That's completely fucking evil. I like it.
>The only problem I can see with it is that it'd take a lot of space.
>Routers are tight on how much you can fit into 'em, and I think you'd
>stand a good chance at setting off an alarm somewhere by adding that much
>code. But maybe not... you could even store the code remotely... have your
>evil router 'upgrade' it's neighbors. But then you might get caught by an
>IDS system. Probability is low on that happening, though. Needle in a
>haystack.
>
>How about using the same plan, except instead of just making the routing
>infrastructure go dead, how about spicing it up a little and have it go
>after the root DNS servers? Thousands of devices on the backbone stuffing
>a DoS down an OC192 circuit at 9.6 Gigs per second would certainly have
>folks confused, I'd imagine. Especially if you spoofed the source
>addresses.
>
>Every time they trace the attack back to the other side of yet another
>router, it looks like the problem is further away. People would be
>completely mystified. Traffic coming from the routers would just look like
>traffic coming from something on the other side of the routers. And it
>would be... each router would be generating (and routing) a huge attack.
>And as pretty much all communication would be down, even if a couple folks
>figured it out, they'd have no easy way to spread the word of what was
>happening. Although I'm sure it would certainly hit the news.
>
> > Having said all of that, it's a cool (in the sense of being skillful)
> > attack against the Global Data Network, but hardly the easiest. It would
> > probably cost lots less overall to just crash something big or something
> > that goes boom over at Verisign and/or some places in the EU. I'm sure they
> > have plumbing. Computers still don't like water.
>
>And fiber still doesn't like tractors ;-)

Hmmm...? You make the decision if this is relevant...you didn't hear it 
from me...







More information about the NANOG mailing list