Printed from http://www.electronista.com

'Huge' exploit threatens most Internet data

updated 11:55 am EDT, Wed August 27, 2008

Internet BGP Exploit

A new security hole in the Internet Protocol is potentially the most severe ever discovered, according to a presentation by security experts Anton Kapela and Alex Pilosov. The two have revealed that the inherent nature of the Border Gateway Protocol (BGP), which is essential for optimizing and routing traffic on the Internet, allows a hacker to redirect traffic to his own servers and forward it along without interrupting connections or otherwise immediately exposing the attack. The method would allow a malicious user to either spy on unprotected traffic or alternately 'poison' the data with altered code before it reaches its destination.

The method can't easily be fought since the BGP protocol itself requires an explicit level of trust to work as written, the experts say. The currently proposed solution would rely on BBN Technologies chief security scientist Stephen Kent's recently developed Secure BGP standard, which would force each router online to sign its routing map data and let network providers determine whether or not they will accept changes made by that router. A provider could establish blacklists that cut off unknown or actively hostile routers.

When a fix could be implemented is unknown and may not be likely in the near future, as a similar approach was demonstrated as early as 1998 but hasn't been introduced due to the performance issues associated with signing traffic in real time. The absence of a full attack using existing BGP flaws has also reduced the pressure to implement any short-term fixes.

News of the possible attack follows after revelations of a Domain Name Server (DNS) exploit earlier in the year that could falsely point users intending to visit one website to a different address, opening them to web-based attacks. Most operating system and browser developers affected by the DNS hole have patched against it.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. nat

    Junior Member

    Joined: Mar 2002

    -1

    what

    what is the device in the picture?

  1. Kainzow

    Fresh-Faced Recruit

    Joined: May 2007

    +1

    It is

    a Belkin N1 Vision wireless router:http://www.belkin.com/n1vision/intro/

  1. lkrupp

    Junior Member

    Joined: May 2001

    -3

    Uh Oh!

    Somehow, someway , this is all Apple's fault. That's how the Mac universe operates. Blaming Apple is like Einstein's theory of general relativity; it's a basic law of the physical world.

  1. Smurfman

    Fresh-Faced Recruit

    Joined: May 2001

    0

    IPv6 a solution??

    Would IPv6 be a solution to this problem?? Requiring router certificates seems an extreme amount of work!

    If the internet standardizes on IPv6, there may not even be a need for routers or firewalls! Anyone who knows more on this subject, please enter your 2 worth.

  1. icewing

    Fresh-Faced Recruit

    Joined: May 2008

    +2

    Huh?!?

    Who's blaming Apple? I didn't even see Apple mentioned in the article. ???

  1. amutti

    Fresh-Faced Recruit

    Joined: Jan 2005

    +2

    IPv6

    IPv6 should not allow 'spying' or 'poisoning' of data due to the required IPsec.

  1. macomaciak

    Fresh-Faced Recruit

    Joined: Aug 2008

    0

    IPv6

    a lot of ipv6 features have been backported to ipv4, so we have them already. anyway, to trust routing or to trust DNS seems just ridiculous to me. that is what the SSL (and other) mechanisms are for: to encrypt the traffic between two hosts and to establish the identity of the server (and in some cases that of the client too) in a first place - presenting the valid certificate.

    so as long as for secure communication (like with your bank) a secure protocol is used (which is) you are not affected by any of these vulnerabilities.
    if you still use telnet in 2008.. good luck!



Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News