Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/27/2008
02:51 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

The 'Poor Man's Traffic Intercept'

A weakness in the Border Gateway Protocol makes the Internet's core infrastructure look about as watertight as a screen door.

So you want to intercept Internet traffic? If the National Security Agency is too busy to help out, you could always exploit a weakness in the Border Gateway Protocol that was demonstrated at the DEFCON security conference earlier this month.

As explained by Wired's Kim Zetter, it's possible to conduct a man-in-the-middle attack that exploits the shortcomings of BGP to cause a router to redirect network traffic.

To understand the impact of such redirection, rewind to February, when Pakistan's attempt to censor YouTube caused collateral damage to Internet traffic routing that spread to PCCW, an ISP based in Hong Kong, and from there to other servers across the globe. The result was that YouTube was inaccessible around the world.

However, this kind of traffic redirection can be done without breaking anything. The technique demonstrated by Anton Kapela, data center and network director at 5Nines Data, and Alex Pilosov, CEO of Pilosoft, could be done discreetly, without creating a major outage that everyone would notice.

As Kapela explained in a message sent to the North American Network Operators Group mailing list, "In a nutshell, we demonstrated that current lack of secure filtering infrastructure not only permits [denial of service]-like attacks, but also full 'traffic monitoring' of arbitrary prefixes from essentially anywhere in the world."

In a blog post, Danny McPherson, chief research officer at Arbor Networks, wrote, "[Y]ou could liken this to a poor man's traffic intercept." Most governments and intelligence agencies, he suggested, don't need to do this because they can intercept network traffic at a lower-level network layer.

Viewed in conjunction with the DNS vulnerability that security researcher Dan Kaminsky disclosed at the Black Hat conference earlier this month, the Internet's core infrastructure looks about as watertight as a screen door.

This isn't a new problem. Government and academic networking researchers have known about this and related issues for years. Sites like the Internet Alert Registry and the Prefix Hijack Alert System represent an attempt to identify potential attempts to hijack Internet traffic. And projects like Secure Inter-Domain Routing and Resource PKI offer potential fixes.

In February, when Pakistan brought renewed attention to the issue, Steve Bellovin, a Columbia University computer science professor, posted a message to the NANOG list in which he observed that the Internet technical community has been warning about routing problems like this. He called for deployment of S-BGP, a more secure version of the routing protocol, despite deployment and operational issues that still need to be resolved.

"The question is this: when is the pain from routing incidents great enough that we're forced to act?" Bellovin wrote. "It would have been nice to have done something before this, since now all the world's script kiddies have seen what can be done."

McPherson sees information presented by Kapela and Pilosoft more as the novel expansion of a longstanding vulnerability rather than the revelation of a major hole in the Internet. But he said that renewed attention to BGP's problems "should serve as a reminder for folks that if you have any expectations of transaction privacy on the Internet, you should be employing end-end encryption (e.g., IPSEC)."

Managing risk is the top security issue facing IT professionals, according to the 2008 InformationWeek Strategic Security Survey. The survey of 2,000 IT professionals also found that IT is years behind other disciplines in adopting systematic risk management processes. You can learn more about the InformationWeek Strategic Security Survey by downloading an InformationWeek Analytics report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.