Guest ~BD~ Posted August 28, 2008 Posted August 28, 2008 Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination. The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness. "It's a huge issue. It's at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail." The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network. Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can't always vacuum in traffic within a network -- say, from one AT&T customer to another. The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs. Read more here:- http://blog.wired.com/27bstroke6/2008/08/r...led-the-in.html Quote
Guest James Matthews Posted August 28, 2008 Posted August 28, 2008 This attack has been around for about 10 years now! -- http://www.goldwatches.com/ "~BD~" <~BD~@nospam.invalid> wrote in message news:ebiHptSCJHA.4916@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > Two security researchers have demonstrated a new technique to stealthily > intercept internet traffic on a scale previously presumed to be > unavailable to anyone outside of intelligence agencies like the National > Security Agency. > > The tactic exploits the internet routing protocol BGP (Border Gateway > Protocol) to let an attacker surreptitiously monitor unencrypted internet > traffic anywhere in the world, and even modify it before it reaches its > destination. > > The demonstration is only the latest attack to highlight fundamental > security weaknesses in some of the internet's core protocols. Those > protocols were largely developed in the 1970s with the assumption that > every node on the then-nascent network would be trustworthy. The world > was reminded of the quaintness of that assumption in July, when researcher > Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts > say the new demonstration targets a potentially larger weakness. > > "It's a huge issue. It's at least as big an issue as the DNS issue, if not > bigger," said Peiter "Mudge" Zatko, noted computer security expert and > former member of the L0pht hacking group, who testified to Congress in > 1998 that he could bring down the internet in 30 minutes using a similar > BGP attack, and disclosed privately to government agents how BGP could > also be exploited to eavesdrop. "I went around screaming my head about > this about ten or twelve years ago.... We described this to intelligence > agencies and to the National Security Council, in detail." > > The man-in-the-middle attack exploits BGP to fool routers into > re-directing data to an eavesdropper's network. > > Anyone with a BGP router (ISPs, large corporations or anyone with space at > a carrier hotel) could intercept data headed to a target IP address or > group of addresses. The attack intercepts only traffic headed to target > addresses, not from them, and it can't always vacuum in traffic within a > network -- say, from one AT&T customer to another. > > The method conceivably could be used for corporate espionage, nation-state > spying or even by intelligence agencies looking to mine internet data > without needing the cooperation of ISPs. > > Read more here:- > http://blog.wired.com/27bstroke6/2008/08/r...led-the-in.html > > > > > </span> Quote
Guest ~BD~ Posted August 29, 2008 Posted August 29, 2008 "James Matthews" <jamesmatt18@gmail.com> wrote in message news:BB8FA55C-BF92-45AE-B563-A8D5DBCFFAC8@microsoft.com...<span style="color:blue"> > This attack has been around for about 10 years now! > > -- </span> So ........... no need to be concerned? Further detail here: http://www.theregister.co.uk/2008/08/27/bg...ploit_revealed/ Quote
Guest S. Pidgorny Posted August 29, 2008 Posted August 29, 2008 G'day: ~BD~ wrote: <span style="color:blue"> > So ........... no need to be concerned?</span> We are concerned. Which is why we use secure communications where possible: Internet never guaranteed either particular route for the traffic we originate or reaching the destination. -- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- http://sl.mvps.org http://msmvps.com/blogs/sp Quote
Guest Dan Posted August 29, 2008 Posted August 29, 2008 Nope, good-old fashioned security and safety is where it lies. Remember, that I am sure they must even scan within the White House, Capitol Building, Supreme Court, etc. for bugs and stuff. Just remember that privacy ever since September 11, 2001 is now truly an illusion but just live out your life, enjoy it when you can and when sh_t really hits the fan, relax, take a few breaths, drink some water, focus on dreamland then go home from work and chill with a beer or three and/or some alcholic drinks as long as you are 21 and not driving that night to remind yourself that what you really want is to watch a good movie and perhaps an 80's classic like Sneakers and or Enemy of the State, and or Air Force One or perhaps my all time favorite old-school movie "It's a Wonderful Life" and it makes me feel joy because each one of us is indeed special, unique and wonderful in our own way and if we did not exist then there would be no computers either unless some other being invented them. <smiles> "~BD~" wrote: <span style="color:blue"> > > "James Matthews" <jamesmatt18@gmail.com> wrote in message > news:BB8FA55C-BF92-45AE-B563-A8D5DBCFFAC8@microsoft.com...<span style="color:green"> > > This attack has been around for about 10 years now! > > > > -- </span> > > So ........... no need to be concerned? > > Further detail here: > http://www.theregister.co.uk/2008/08/27/bg...ploit_revealed/ > > > </span> Quote
Guest ~BD~ Posted August 29, 2008 Posted August 29, 2008 My favourite movie? "It's a Wonderful Life"! style_emoticons/)) http://www.imdb.com/video/screenplay/vi1101988121/ Dave -- "Dan" <Dan@discussions.microsoft.com> wrote in message news:2FE5ED14-DCEA-42EA-8530-206A58D58BEC@microsoft.com...<span style="color:blue"> > Nope, good-old fashioned security and safety is where it lies. Remember, > that I am sure they must even scan within the White House, Capitol > Building, > Supreme Court, etc. for bugs and stuff. Just remember that privacy ever > since September 11, 2001 is now truly an illusion but just live out your > life, enjoy it when you can and when sh_t really hits the fan, relax, take > a > few breaths, drink some water, focus on dreamland then go home from work > and > chill with a beer or three and/or some alcholic drinks as long as you are > 21 > and not driving that night to remind yourself that what you really want is > to > watch a good movie and perhaps an 80's classic like Sneakers and or Enemy > of > the State, and or Air Force One or perhaps my all time favorite old-school > movie "It's a Wonderful Life" and it makes me feel joy because each one of > us > is indeed special, unique and wonderful in our own way and if we did not > exist then there would be no computers either unless some other being > invented them. <smiles> > > > "~BD~" wrote: ><span style="color:green"> >> >> "James Matthews" <jamesmatt18@gmail.com> wrote in message >> news:BB8FA55C-BF92-45AE-B563-A8D5DBCFFAC8@microsoft.com...<span style="color:darkred"> >> > This attack has been around for about 10 years now! >> > >> > -- </span> >> >> So ........... no need to be concerned? >> >> Further detail here: >> http://www.theregister.co.uk/2008/08/27/bg...ploit_revealed/ >> >> >></span> > </span> Quote
Guest Anteaus Posted August 30, 2008 Posted August 30, 2008 Personally I'm more concerned about technologies like Phorm, which would hijack my data at the ISP. I see this as far more likely to result in misuse of data than packet-sniffing of any kind. "~BD~" wrote: <span style="color:blue"> > Two security researchers have demonstrated a new technique to stealthily > intercept internet traffic on a scale previously presumed to be unavailable > to anyone outside of intelligence agencies like the National Security > Agency. > </span> Quote
Guest Dan Posted August 30, 2008 Posted August 30, 2008 Yup, that is the movie, BD -- grins "~BD~" wrote: <span style="color:blue"> > My favourite movie? > > "It's a Wonderful Life"! style_emoticons/)) > > http://www.imdb.com/video/screenplay/vi1101988121/ > > > Dave > > -- > > "Dan" <Dan@discussions.microsoft.com> wrote in message > news:2FE5ED14-DCEA-42EA-8530-206A58D58BEC@microsoft.com...<span style="color:green"> > > Nope, good-old fashioned security and safety is where it lies. Remember, > > that I am sure they must even scan within the White House, Capitol > > Building, > > Supreme Court, etc. for bugs and stuff. Just remember that privacy ever > > since September 11, 2001 is now truly an illusion but just live out your > > life, enjoy it when you can and when sh_t really hits the fan, relax, take > > a > > few breaths, drink some water, focus on dreamland then go home from work > > and > > chill with a beer or three and/or some alcholic drinks as long as you are > > 21 > > and not driving that night to remind yourself that what you really want is > > to > > watch a good movie and perhaps an 80's classic like Sneakers and or Enemy > > of > > the State, and or Air Force One or perhaps my all time favorite old-school > > movie "It's a Wonderful Life" and it makes me feel joy because each one of > > us > > is indeed special, unique and wonderful in our own way and if we did not > > exist then there would be no computers either unless some other being > > invented them. <smiles> > > > > > > "~BD~" wrote: > ><span style="color:darkred"> > >> > >> "James Matthews" <jamesmatt18@gmail.com> wrote in message > >> news:BB8FA55C-BF92-45AE-B563-A8D5DBCFFAC8@microsoft.com... > >> > This attack has been around for about 10 years now! > >> > > >> > -- > >> > >> So ........... no need to be concerned? > >> > >> Further detail here: > >> http://www.theregister.co.uk/2008/08/27/bg...ploit_revealed/ > >> > >> > >></span> > > </span> > > > </span> Quote
Guest Dan Posted August 30, 2008 Posted August 30, 2008 http://en.wikipedia.org/wiki/Phorm Yeah, I read about this and do not like it either. Thanks for your viewpoint, Anteaus. "Anteaus" wrote: <span style="color:blue"> > Personally I'm more concerned about technologies like Phorm, which would > hijack my data at the ISP. I see this as far more likely to result in misuse > of data than packet-sniffing of any kind. > > "~BD~" wrote: > <span style="color:green"> > > Two security researchers have demonstrated a new technique to stealthily > > intercept internet traffic on a scale previously presumed to be unavailable > > to anyone outside of intelligence agencies like the National Security > > Agency. > > </span> > </span> Quote
Guest FromTheRafters Posted August 30, 2008 Posted August 30, 2008 Deep Pack Inspection is packet sniffing. The original topic of this thread isn't packet sniffing it is IP hijacking. In fact it may be a way to accomplish what you fear Phorm will do - but without any cooperation by the ISPs. "Anteaus" <Anteaus@discussions.microsoft.com> wrote in message news:623836B4-0F7E-46FB-873E-CC5F051783D6@microsoft.com...<span style="color:blue"> > Personally I'm more concerned about technologies like Phorm, which would > hijack my data at the ISP. I see this as far more likely to result in > misuse > of data than packet-sniffing of any kind. > > "~BD~" wrote: ><span style="color:green"> >> Two security researchers have demonstrated a new technique to stealthily >> intercept internet traffic on a scale previously presumed to be >> unavailable >> to anyone outside of intelligence agencies like the National Security >> Agency. >></span> > </span> Quote
Guest Dan Posted August 30, 2008 Posted August 30, 2008 Wow, that sounds really bad and serious as well. I guess we are headed down George Orwell's 1984 vision whether we like it or not. "FromTheRafters" wrote: <span style="color:blue"> > Deep Pack Inspection is packet sniffing. > The original topic of this thread isn't packet sniffing it is > IP hijacking. In fact it may be a way to accomplish what > you fear Phorm will do - but without any cooperation by > the ISPs. > > "Anteaus" <Anteaus@discussions.microsoft.com> wrote in message > news:623836B4-0F7E-46FB-873E-CC5F051783D6@microsoft.com...<span style="color:green"> > > Personally I'm more concerned about technologies like Phorm, which would > > hijack my data at the ISP. I see this as far more likely to result in > > misuse > > of data than packet-sniffing of any kind. > > > > "~BD~" wrote: > ><span style="color:darkred"> > >> Two security researchers have demonstrated a new technique to stealthily > >> intercept internet traffic on a scale previously presumed to be > >> unavailable > >> to anyone outside of intelligence agencies like the National Security > >> Agency. > >></span> > > </span> > > > </span> Quote
Guest marcelino martinez Posted September 14, 2008 Posted September 14, 2008 "Dan" <Dan@discussions.microsoft.com> escribió en el mensaje de noticias:2FE5ED14-DCEA-42EA-8530-206A58D58BEC@microsoft.com...<span style="color:blue"> > Nope, good-old fashioned security and safety is where it lies. Remember, > that I am sure they must even scan within the White House, Capitol > Building, > Supreme Court, etc. for bugs and stuff. Just remember that privacy ever > since September 11, 2001 is now truly an illusion but just live out your > life, enjoy it when you can and when sh_t really hits the fan, relax, take > a > few breaths, drink some water, focus on dreamland then go home from work > and > chill with a beer or three and/or some alcholic drinks as long as you are > 21 > and not driving that night to remind yourself that what you really want is > to > watch a good movie and perhaps an 80's classic like Sneakers and or Enemy > of > the State, and or Air Force One or perhaps my all time favorite old-school > movie "It's a Wonderful Life" and it makes me feel joy because each one of > us > is indeed special, unique and wonderful in our own way and if we did not > exist then there would be no computers either unless some other being > invented them. <smiles> > > > "~BD~" wrote: ><span style="color:green"> >> >> "James Matthews" <jamesmatt18@gmail.com> wrote in message >> news:BB8FA55C-BF92-45AE-B563-A8D5DBCFFAC8@microsoft.com...<span style="color:darkred"> >> > This attack has been around for about 10 years now! >> > >> > -- </span> >> >> So ........... no need to be concerned? >> >> Further detail here: >> http://www.theregister.co.uk/2008/08/27/bg...ploit_revealed/ >> >> >> </span></span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.