Security Issues Affecting Internet Transit Points and Backbone Providers.

Presented at Black Hat USA 1999, July 8, 1999, 5:10 p.m. (60 minutes)

Many sites believe that the only external threats to their network come from unsophisticated script kids or well-funded corporate espionage projects. This problem is compounded by the underestimation of the former, and the belief that their organization is not of interest to the latter. The reality is that the stakes are raised substantially if the company in question is publicly traded. By allowing any investor with a computer and an online trading account to have a vested interest in their share price, the status and information contained on their network acquires the speculative value of whatever capital an attacker would invest in the company. With this motive established, we can examine some new threats and some existing threats in a new context. With the proliferation of online trading, new financial incentives exist for even the least sophisticated attacker to violate your network. [FUD]

This paper will deal with technical security issues affecting Internet transit points and providers, including the following points:

  • Security issues with the BGP4 protocol.
    • A brief overview of how the protocol operates and its function.
    • Exploitable features of the protocol.
    • What damage can be done.
    • Historical examples of catastrophic misconfiguration.
    • Scale of interruption.
  • Brief overview of BGP communities and their use in directing traffic.
    • Network providers that charge based upon measured traffic will be affected by this.
  • Using IP spoofing to send false UPDATE messages.
    • How does it work?
    • What implementations are vulnerable?
    • Misconfigured ingress and egress filters simplify the task of inserting bogus routing information into an AS's tables.
  • Vendors that implement authentication in BGP4.
    • Password authentication of BGP sessions will prevent some attacks.
    • Not all vendors implement this, and those that do not will be vulnerable to attack.
  • Brief case study and architecture of an attack against a misconfigured network through the use of route spoofing.

Presenters:

  • Batz - International backbone provider network analyst.
    'batz' works for an international backbone provider as a network analyst. He is also a security consultant who does not talk about who he has worked for.
