Sep 022008
 

Fundamental elements of Internet infrastructure have been in the news lately, and it hasn’t been a pretty picture.

Last month a serious security problem with the Domain Name System (DNS) was described by Dan Kaminsky at the Black Hat/DefCon show. I took at shot at describing the vulnerability here when the news first broke in July. Now Kim Zetter of Wired Magazine lays out another scary possibility – large scale interception of internet traffic simply by exploiting the properties of Border Gateway Protocol (BGP), the way large networks exchange traffic on the Internet:

http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

Apparently this weakness has been known for years. But in the past it was assumed that it would result in the traffic not reaching its destination, therefore making it obvious something was wrong. But Anton Kapela and Alex Pilosov have demonstrated a tweak that forwards the traffic to its proper destination after the hijack, making the interception hard to detect without detailed analysis:

But in the past, known IP hijacks have created outages, which, because they were so obvious, were quickly noticed and fixed. That’s what occurred earlier this year when Pakistan Telecom inadvertently hijacked YouTube traffic from around the world. The traffic hit a dead-end in Pakistan, so it was apparent to everyone trying to visit YouTube that something was amiss.

Pilosov’s innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs.

Ordinarily, this shouldn’t work — the data would boomerang back to the eavesdropper. But Pilosov and Kapela use a method called AS path prepending that causes a select number of BGP routers to reject their deceptive advertisement. They then use these ASes to forward the stolen data to its rightful recipients.

“Everyone … has assumed until now that you have to break something for a hijack to be useful,” Kapela said. “But what we showed here is that you don’t have to break anything. And if nothing breaks, who notices?”

I’m surprised there hasn’t been more coverage of this problem. The only other story I found was by Tom Claburn of InformationWeek. As I was reading, I couldn’t help thinking about the rise of SaaS and cloud computing, and how they depend on reliable, secure internet connectivity. If the Internet is going to become the main conduit for the applications both businesses and consumers depend on, fundamental issues of security need to be addressed.

  One Response to “Is the Internet Really Ready for Prime Time?”

  1. Great read, will come back for more soon, thanks

 Leave a Reply

(required)

(required)