Revealed: The Internet's Biggest Security Hole

Gadi Evron ge at linuxbox.org
Wed Aug 27 20:42:59 CDT 2008


On Wed, 27 Aug 2008 marcus.sachs at verizon.com wrote:
> Nothing will change. You think DNSSEC is hard?  Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area.

I guess it will just remain a "cool" presentation than, and boy was it 
cool.

You were there, any special impressions?

 	Gadi.

> Marc
>
> ------Original Message------
> From: Gadi Evron
> To: Frank
> Cc: NANOG list
> Sent: Aug 27, 2008 20:54
> Subject: Re: Revealed: The Internet's Biggest Security Hole
>
> hehe
> "new". hehe
>
> Maybe something will change now' though, it was a great and impressive
> presentation, hijacking the defcon network and tweaking TTL to hide it.
>
>
>
>
>
> On Thu, 28 Aug 2008, Frank wrote:
>
>> http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
>>
>> Two security researchers have demonstrated a new technique to stealthily
>> intercept internet traffic on a scale previously presumed to be unavailable
>> to anyone outside of intelligence agencies like the National Security
>> Agency.
>>
>> The tactic exploits the internet routing protocol BGP (Border Gateway
>> Protocol) to let an attacker surreptitiously monitor unencrypted internet
>> traffic anywhere in the world, and even modify it before it reaches its
>> destination.
>>
>> The demonstration is only the latest attack to highlight fundamental
>> security weaknesses in some of the internet's core protocols. Those
>> protocols were largely developed in the 1970s with the assumption that every
>> node on the then-nascent network would be trustworthy.  The world was
>> reminded of the quaintness of that assumption in July, when researcher Dan
>> Kaminsky disclosed<http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html>a
>> serious vulnerability in the DNS system. Experts say the new
>> demonstration
>> targets a potentially larger weakness.
>>
>> "It's a huge issue. It's at least as big an issue as the DNS issue, if not
>> bigger," said Peiter "Mudge" Zatko, noted computer security expert and
>
> ------Original Message Truncated------
>
> --------------------------
> Marcus H. Sachs
> Verizon
> 202 515 2463
>
> Sent from my BlackBerry
>




More information about the NANOG mailing list