Revealed: The Internet's Biggest Security Hole

Gadi Evron ge at
Wed Aug 27 20:42:59 CDT 2008

On Wed, 27 Aug 2008 marcus.sachs at wrote:
> Nothing will change. You think DNSSEC is hard?  Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area.

I guess it will just remain a "cool" presentation then, and boy was it

You were there, any special impressions?


> Marc
> ------Original Message------
> From: Gadi Evron
> To: Frank
> Cc: NANOG list
> Sent: Aug 27, 2008 20:54
> Subject: Re: Revealed: The Internet's Biggest Security Hole
> hehe
> "new". hehe
> Maybe something will change now, though, it was a great and impressive
> presentation, hijacking the defcon network and tweaking TTL to hide it.
> On Thu, 28 Aug 2008, Frank wrote:
>> Two security researchers have demonstrated a new technique to stealthily
>> intercept internet traffic on a scale previously presumed to be unavailable
>> to anyone outside of intelligence agencies like the National Security
>> Agency.
>> The tactic exploits the internet routing protocol BGP (Border Gateway
>> Protocol) to let an attacker surreptitiously monitor unencrypted internet
>> traffic anywhere in the world, and even modify it before it reaches its
>> destination.
>> The demonstration is only the latest attack to highlight fundamental
>> security weaknesses in some of the internet's core protocols. Those
>> protocols were largely developed in the 1970s with the assumption that every
>> node on the then-nascent network would be trustworthy.  The world was
>> reminded of the quaintness of that assumption in July, when researcher Dan
>> Kaminsky disclosed a serious vulnerability in the DNS system. Experts say
>> the new demonstration targets a potentially larger weakness.
>> "It's a huge issue. It's at least as big an issue as the DNS issue, if not
>> bigger," said Peiter "Mudge" Zatko, noted computer security expert and
> ------Original Message Truncated------
> --------------------------
> Marcus H. Sachs
> Verizon
> 202 515 2463
> Sent from my BlackBerry
