Internet vulnerabilities
batz
batsy at vapour.net
Thu Jul 4 19:17:15 UTC 2002
On Thu, 4 Jul 2002, Jason Lewis wrote:
:What are the real threats to the global Internet?
I realize this seems like nitpicking, but asking what the real risks are
might be a more useful question. The reason I mention this is because the
washington post report the other day about threats to SCADA systems was
blown out of proportion, because it equated the seriousness of the threats
with their associated risks. Yes, most ASN.1 implementations have serious
vulnerabilities, welcome to 1988.
The ASN.1 vulnerabilities being talked about right now are serious threats,
but lower risk than say, millions of unpatched IIS and apache servers,
public exploits and a worm on the loose. Application level vulnerabilities
that have to be patched on a host by host basis, cause a greater risk than
say, SNMP vulnerabilities that can be filtered at the gateway, which
protects from opportunistic external attacks.
When you talk about threats to the global Internet, there are hundreds of
equally serious vulnerabilities of varying risk. Also, the "global Internet"
has many different meanings. It can mean "the ability to send and recieve
packets on layer 3" or "people being able to conduct business electronically,
with some reasonable expectation of the confidentiality, integrity and
reliability of their transactions."
So, it all depends on what you mean by the Internet:) I think this is
an extremely important discussion to have on the list, I just think
it should be framed in terms of real risks, root causes, and
potential solutions.
:I am looking for anything that might be a potential attack point. I don't
:want to start a flame war, but any interesting or even way out there idea
:is welcome.
:
:Is it feasible that a coordinated attack could shutdown the entire net? I
:am not talking DDoS. What if someone actually had the skills to disrupt
:BGP on a widescale?
Once you start thinking about the Internet from a security perspective,
you realize there is no "entire net" subject to the sum of its parts in
any practical sense. It is a network of networks that serves a continuum
of interests, bounded by economics, and driven by porn. ;)
The attack point is anywhere you think will do the most harm to the
people you dislike. If you just want to break something, find serious,
easy to exploit, security design limitations in BGP, MPLS, BIND and
drive a major global backbone like UUNet into insolvency.
..What? Oh ...Too late.
--
batz
More information about the NANOG
mailing list