.

Revealed: The Internet's Biggest Hole

<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sat Sep 06, 2008 10:58 pm

Revealed: The Internet's Biggest Hole

I didn't know where to post this or if it is a re post but I found this to be very interesting.http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

My question is though how would I demonstrate this to my organization? I have brought it to their attention and we to meet to discuss the implications.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Sun Sep 07, 2008 1:12 am

Re: Revealed: The Internet's Biggest Hole

I would suggest not trying to demonstrate it.  Normally BGP Hijacking causes a denial of service attack.  The new method uses AS path prepending so that it can send captured traffic to the real destination; originally, the hijacking AS became a black hole for the captured traffic.  Unless you're really familiar with BGP and with the details of the attack, you're probably just going to cause a denial of service attack.

As I understand it, the attack allows a rogue BGP router to advertise IP addresses that it doesn't actually deliver to.  An attacker wouldn't actually send malicious traffic to your site.  Instead, he'd tell other sites he can deliver to your IPs, read or modify the traffic that is sent to him, then forward it on to your network.  Unless you checked the global BGP routing table, you probably wouldn't notice anything except some extra latency.  To demonstrate the attack, you're going to need BGP routers on two different ASes: one victim and one attacker.

Unless you're an ISP, you can't prevent this attack.  In order to prevent this, ISPs are going to have to be more aggressive about filtering what their neighbor ASes advertise to them.  The best thing you can do is to research the issue so that you and your organization understand it and then contact your ISP to see what they are doing to prevent such attacks--probably, they should be doing some filtering on the advertisements they accept.

That said, I'm not a BGP expert.  What I've said here is based on my own readings about the attack.  If there is anyone on this forum who can offer some more insight (or corrections), I'd be much obliged.

The paper about the attack is located here:

http://blog.wired.com/27bstroke6/files/ ... hijack.pdf
BS in IT, CISSP, MS in IS Management (in progress)

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software