Revealed: The Internet's Biggest Security Hole

marcus.sachs at marcus.sachs at
Wed Aug 27 20:40:26 CDT 2008

Nothing will change. You think DNSSEC is hard?  Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area. 


------Original Message------
From: Gadi Evron
To: Frank
Cc: NANOG list
Sent: Aug 27, 2008 20:54
Subject: Re: Revealed: The Internet's Biggest Security Hole

"new". hehe

Maybe something will change now' though, it was a great and impressive 
presentation, hijacking the defcon network and tweaking TTL to hide it.

On Thu, 28 Aug 2008, Frank wrote:

> Two security researchers have demonstrated a new technique to stealthily
> intercept internet traffic on a scale previously presumed to be unavailable
> to anyone outside of intelligence agencies like the National Security
> Agency.
> The tactic exploits the internet routing protocol BGP (Border Gateway
> Protocol) to let an attacker surreptitiously monitor unencrypted internet
> traffic anywhere in the world, and even modify it before it reaches its
> destination.
> The demonstration is only the latest attack to highlight fundamental
> security weaknesses in some of the internet's core protocols. Those
> protocols were largely developed in the 1970s with the assumption that every
> node on the then-nascent network would be trustworthy.  The world was
> reminded of the quaintness of that assumption in July, when researcher Dan
> Kaminsky disclosed<>a
> serious vulnerability in the DNS system. Experts say the new
> demonstration
> targets a potentially larger weakness.
> "It's a huge issue. It's at least as big an issue as the DNS issue, if not
> bigger," said Peiter "Mudge" Zatko, noted computer security expert and

------Original Message Truncated------

Marcus H. Sachs
202 515 2463

Sent from my BlackBerry

More information about the NANOG mailing list