It is scary but also requires a bit more sophistication than something like the DNS attacks require. In this case, though, it is abstracted a layer from average IT, so most of you don't have to worry about it in the sense that there is not necessarily a lot you can do about it :-p except the usual smart things like using certificate encryption/authorization from point to point locations, so even if router traffic is rerouted/captured it won't matter because the data is encrypted and authenticated.

The specific attack in question would require someone to first compromise a system on a network that is deep enough in that it provides peering and BGP functionality. This is not hard to accomplish, however, as you can simply target any number of individuals on the NANOG mailing list, a lot of whom have this sort of backbone access. Once you compromise their system and are in their network, everything becomes a lot more straightforward, where you are not so much exploiting a specific vulnerability but an overall design failure for which there isn't really a patch or even a good Band-Aid like source port randomization with DNS.

These attacks are not anything new, again a bit like DNS, but it is still good they are getting attention. The attacks were first described by a research friend of mine, Mudge, many years ago. In fact, Mudge and the other guys in L0pht even famously testified before the Senate at one point about taking down the internet in 30 minutes, and this was because of flaws in BGP. In fact, talking to Mudge recently, he mentioned that these new BGP vulnerability guys mentioned that Mudge's attack was far more evil than theirs.

When you think about your internet traffic and communication between two points, you have to ALWAYS assume it is compromised and therefore, for sensitive things, act accordingly.

-Marc Maiffret

> -----Original Message-----
> From: Andy Ognenoff [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 27, 2008 7:27 AM
> To: NT System Admin Issues
> Subject: BGP Hole?
>
> Anybody see this? Scary.
>
> http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
>
> - Andy O.
