Re: Someone¹s Been Siphoning Data Through a Huge Security Hole in the Internet

Warren Bailey wbailey at satelliteintelligencegroup.com
Fri Dec 6 18:44:00 UTC 2013


That didn¹t seem to work for google.. ;)

On 12/6/13, 9:39 AM, "Brandon Galbraith" <brandon.galbraith at gmail.com>
wrote:

>If your flows are a target, or your data is of an extremely sensitive
>nature (diplomatic, etc), why aren't you moving those bits over
>something more private than IP (point to point L2, MPLS)? This doesn't
>work for the VoIP target mentioned, but foreign ministries should most
>definitely not be trusting encryption alone.
>
>brandon
>
>On Fri, Dec 6, 2013 at 12:05 PM, Jared Mauch <jared at puck.nether.net>
>wrote:
>>
>> On Dec 6, 2013, at 12:38 PM, Eugen Leitl <eugen at leitl.org> wrote:
>>
>>>
>>> http://www.wired.com/threatlevel/2013/12/bgp-hijacking-belarus-iceland/
>>>
>>> Someone¹s Been Siphoning Data Through a Huge Security Hole in the
>>>Internet
>>> ...
>>
>>> In 2008, two security researchers at the DefCon hacker conference
>>> demonstrated a massive security vulnerability in the worldwide internet
>>> traffic-routing system ‹ a vulnerability so severe that it could allow
>>> intelligence agencies, corporate spies or criminals to intercept
>>>massive
>>> amounts of data, or even tamper with it on the fly.
>> ...
>>
>> Yes, nothing new to see here, networks don't do BGP filtering well, no
>>Film at 11?
>>
>> I've detected 11.6 million of these events since 2008 just looking at
>>the
>> route-views data.  Most recently the past two days 701 has done a large
>>MITM of
>> traffic.
>>
>> In other news, you can go read the other thread on this that happened
>>already.
>>
>> http://mailman.nanog.org/pipermail/nanog/2013-November/062257.html
>>
>> - Jared
>>
>>
>




More information about the NANOG mailing list