Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
Jared Mauch
jared at puck.nether.net
Sat Dec 7 20:05:09 UTC 2013
On Dec 6, 2013, at 2:57 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Fri, Dec 06, 2013 at 01:05:54PM -0500,
> Jared Mauch <jared at puck.nether.net> wrote
> a message of 36 lines which said:
>
>> I've detected 11.6 million of these events since 2008 just looking at the
>> route-views data. Most recently the past two days 701 has done a large MITM of
>> traffic.
>
> The big novelty in the Renesys paper is the proof (with traceroute)
> that there was a return path, something which did not exist in the
> famous Pakistan Telecom case, or in most (all?) other BGP
> hijackings. This return path allows the attacker to really get access
> to the data with little chance of the victim noticing. That's
> something new.
I've been sending the traceroutes to networks for years to get them to clean up their acts. I guess the lesson is publish often?
Folks can see the prefixes involved here:
http://puck.nether.net/bgp/leakinfo.cgi
The ASN search works best. I'll work on optimizing the prefix stuff as it's not returning "promptly".
- Jared