key change for TCP-MD5
David Barak
thegameiam at yahoo.com
Wed Jun 21 15:59:39 UTC 2006
--- Ross Callon <rcallon at juniper.net> wrote:
> Another potential attack is an attempt to insert information
> into a BGP session, such as to introduce bogus routes, or
> to even become a "man in the middle" of a BGP session. One
> issue that worries me about this is that if this allows routing to
> be compromised, then I can figure out how to make money off
> of this (and if I can think of it, someone even nastier will probably
> also think of this). Of course this would be much more difficult to
> pull off, and might require viewing packets between routers to pull
> off, but if pulled off and not quickly detected could be unfortunate.
But it's safe to say that it would be a lot easier to
crack a router itself than to unobtrusively insert
useful false information, or if the ISP's routers are
sufficiently hardened, it would be easier to crack a
customer (or peer)'s router, and use that for the
injection.
The same mechanisms which can detect bogus prefixes
from a peer/customer can detect them from a hijacked
session. The cost/benefit ratio is better for
securing the routers themselves.
-David
David Barak
Need Geek Rock? Try The Franchise:
http://www.listentothefranchise.com