[90933] in North American Network Operators' Group


Re: key change for TCP-MD5

daemon@ATHENA.MIT.EDU (David Barak)
Wed Jun 21 12:03:47 2006

Date: Wed, 21 Jun 2006 08:59:39 -0700 (PDT)
From: David Barak <thegameiam@yahoo.com>
To: nanog@merit.edu
In-Reply-To: <5.0.0.25.2.20060621102801.03574c00@zircon.juniper.net>
Errors-To: owner-nanog@merit.edu




--- Ross Callon <rcallon@juniper.net> wrote:

> Another potential attack is an attempt to insert information
> into a BGP session, such as to introduce bogus routes, or
> to even become a "man in the middle" of a BGP session. One
> issue that worries me about this is that if this allows routing to
> be compromised, then I can figure out how to make money off
> of this (and if I can think of it, someone even nastier will probably
> also think of this). Of course this would be much more difficult to
> pull off, and might require viewing packets between routers to pull
> off, but if pulled off and not quickly detected could be unfortunate.

But it's safe to say that it would be a lot easier to
crack a router itself than to unobtrusively insert
useful false information, or if the ISP's routers are
sufficiently hardened, it would be easier to crack a
customer (or peer)'s router, and use that for the
injection.  

The same mechanism which can detect bogus prefixes
from a peer/customer can detect them from a hijacked
session.  The cost/benefit ratio is better for
securing the routers themselves.

-David

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com

