[59853] in North American Network Operators' Group
Re: Cisco vulnerability and dangerous filtering techniques
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Jul 23 08:42:20 2003
Date: Wed, 23 Jul 2003 08:09:11 -0400
From: "Patrick W. Gilmore" <patrick@ianai.net>
To: nanog@merit.edu
In-Reply-To: <20030723055937.GW20396@overlord.e-gerbil.net>
Errors-To: owner-nanog-outgoing@merit.edu

-- On Wednesday, July 23, 2003 01:59 -0400
-- Richard A Steenbergen <ras@e-gerbil.net> supposedly wrote:
> On Tue, Jul 22, 2003 at 05:53:45PM -0400, Valdis.Kletnieks@vt.edu wrote:
>> On Tue, 22 Jul 2003 17:51:20 EDT, alex@yuriev.com said:
>>
>> > I guess all folks with Ph.D. at Akamai really are paid for nothing if a
>> > virus could calculate that with a few traceroutes.

Let's hope not. :)

>> It's actually pretty easy if you get 20K distributed zombies doing the
>> traceroutes and then distributing the data to each other. Given that
>> data, it's pretty easy to compute the graph - every router running BGP
>> has to do similar. :)

I am not sure why you would even need "a few" traceroutes. Why not just
load the virus with, say, the top 10 or 100 ASes, then use one of those
kewlio traceroute programs that give you AS info. Do *one* or maybe a
couple traceroutes, hit the last big AS in the list, and work your way back
home.

> Sounds like said virus implementor should go into the optimized routing
> business. Personally I'm gonna call bullshit on that one until I see it
> done.

No comment. :)

>> The Akamai problem is how to do it *without* having 20K boxes doing
>> traceroutes. ;)
>
> How many boxes does Akamai have? :)

Last press release was a little over 15K boxes in over 1100 networks in 66
countries. But I would not call them zombies.
Is that more or less distributed than your typical 'bot-net?

--
TTFN,
patrick