Revealed: The Internet's well known BGP behavior

Colin Alston karnaugh at karnaugh.za.net
Thu Aug 28 06:26:48 UTC 2008


On 2008/08/28 06:45 AM Hank Nussbacher wrote:
> They didn't have control of any routers other than their own.  What they 
> had to find is a single clueless upstream ISP that would allow them to 
> announce prefixes that didn't belong to them.
>

Leaving aside the ability to blackhole prefixes that don't belong to you, 
they seem to harp on the part of being able to intercept traffic.

Well, yes?

Personally I don't trust GBLX (sorry) or whoever with my traffic any 
more than a random hacker who is rerouting the traffic. That's why 
things like SSL were invented. Yes, with that much control even SSL 
can technically be broken but if there was ever a pretext of complete 
trust about the possibilities of snooping on traffic then encryption 
wouldn't need to exist.

Ultimately though, the detailed work that needs to go into pulling 
something like that off would make it quite hard not to leave a trail 
somewhere. Also, it's still far easier to just pop a trojan onto a few 
million machines.

Shameless media hyperbole anyway... I think they saw the DNS people 
getting their 10 minutes of fame and wanted their own :)

