Here's a [free] discussion of BGP threats from Dan Kaminski at DefCon 16 2008
(including information on what the HomeLand Security and NSA plan to do about
it):
http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html
There's a good indepth discussion of the BGP exploit from the archives of Wired
(November 2001 Umar Goldeli, A 30 minute crash-course on BGP 7 years after it
was identified).
Here are the Actual SLIDES from the DefCon 16 2008 discussion of the BGP
inherent flaw:
http://blog.wired.com/27bstroke6/files/edited-iphd-2.ppt
Patrick McDaniels' Trace of Current Internet BGP Exploits from 2005:
http://www.patrickmcdaniel.org/talks/deter-workshop-9-05.pdf
Here's the CERT proof of concept from 2004 for the script bgp-dosv2.pl:
http://www.us-cert.gov/cas/body/bulletins/SB2004_exploits.html
Here's the location of a BGP script from 2004 that runs the BGP Zero Window
exploit of sequence numbers from the archives:
http://packetstormsecurity.org/0404-exploits/
http://packetstormsecurity.org/papers/protocols/SlippingInTheWindow_v1.0.doc
Other script examples exist in the DefCon and 2600 archives from 1995 forward.
Extra Credit: Here's the TCP Zero Window Reset exploit (3 way RST handshake
exploit 1995 ) [also called "TCP TREASON"]:
http://articles.techrepublic.com.com/5100-10878_11-5201771.html
http://wapedia.mobi/en/Obnosis |
http://en.wiktionary.org/wiki/Citations:obnosis | Obnosis.com (503)754-4452
Laugh at this MSN Footer
_________________________________________________________________
Want to read Hotmail messages in Outlook? The Wordsmiths show you how.
http://windowslive.com/connect/post/wedowindowslive.spaces.live.com-Blog-cns!20EE04FBC541789!167.entry?ocid=TXT_TAGLM_WL_hotmail_092008
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
