Internet vulnerabilities
Phil Rosenthal
pr at isprime.com
Thu Jul 4 18:17:27 UTC 2002
Thinking about a physical threat...
If you go to 111 8th Ave, NYC, they have added security since 9-11-01
which now requires either building ID, or showing a driver's license
before entering building (because terrorists don't have driver's
licenses).
On some floors (e.g. the 7th), the building risers and conduits are
completely exposed. I can't help but wonder how much damage a terrorist
attack to that would do.
Also, say someone from a moderately fast internet connection (OC-3) ran
nmap across the entire internet on ports like 21,22,53,80,443,3306. In
one day, they can probably have a list of every server answering those
ports, and the versions of the daemons on them.
Next, just wait for a wide enough exploit to come out, and then write a
Trojan that has a list of every other server vulnerable, and on every
hack, it splits the list in 2, and roots another box and gives it the
2nd half of the list.
I estimate that with a wide enough exploit (e.g. Apache or OpenSSH), you
could probably compromise 20% of the servers on the net within 1 hour,
and then have them all begin a ping flood of something "far away"
network wise (meaning a box in NYC would flood a box in SJC, a box in
SJC would flood a box in Japan, etc... Trying to have as much bit
distance as possible).
Damn scary, but I believe if someone was determined enough, they could
take down the whole 'net within one hour of pressing "enter".
I suppose there really isn't anything that can be done at this point to
make that scenario impossible.
--Phil
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Jason Lewis
Sent: Thursday, July 04, 2002 1:57 PM
To: nanog at merit.edu
Subject: Internet vulnerabilities
There is a lot of news lately about terrorist groups doing recon on
potential targets. The stories got me thinking.
What are the real threats to the global Internet?
I am looking for anything that might be a potential attack point. I
don't want to start a flame war, but any interesting or even way out
there idea is welcome.
Is it feasible that a coordinated attack could shut down the entire net?
I am not talking DDoS. What if someone actually had the skills to
disrupt BGP on a wide scale?
jas