Revealed: The Internet's Biggest Security Hole

marcus.sachs at verizon.com
Wed Aug 27 20:40:26 CDT 2008


Nothing will change. You think DNSSEC is hard?  Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area. 

Marc

------Original Message------
From: Gadi Evron
To: Frank
Cc: NANOG list
Sent: Aug 27, 2008 20:54
Subject: Re: Revealed: The Internet's Biggest Security Hole

hehe
"new". hehe

Maybe something will change now, though, it was a great and impressive
presentation, hijacking the defcon network and tweaking TTL to hide it.

On Thu, 28 Aug 2008, Frank wrote:

> http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
>
> Two security researchers have demonstrated a new technique to stealthily
> intercept internet traffic on a scale previously presumed to be unavailable
> to anyone outside of intelligence agencies like the National Security
> Agency.
>
> The tactic exploits the internet routing protocol BGP (Border Gateway
> Protocol) to let an attacker surreptitiously monitor unencrypted internet
> traffic anywhere in the world, and even modify it before it reaches its
> destination.
>
> The demonstration is only the latest attack to highlight fundamental
> security weaknesses in some of the internet's core protocols. Those
> protocols were largely developed in the 1970s with the assumption that every
> node on the then-nascent network would be trustworthy.  The world was
> reminded of the quaintness of that assumption in July, when researcher Dan
> Kaminsky disclosed <http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html>
> a serious vulnerability in the DNS system. Experts say the new
> demonstration targets a potentially larger weakness.
>
> "It's a huge issue. It's at least as big an issue as the DNS issue, if not
> bigger," said Peiter "Mudge" Zatko, noted computer security expert and

------Original Message Truncated------

--------------------------
Marcus H. Sachs
Verizon
202 515 2463

Sent from my BlackBerry

