Wednesday

BGP, DNS, SNMPv3 flaws. Is the internet hosed?



We have seen several issues this year: the SNMPv3 issue, the DNS issue and now the BGP issue (Slashdot).

BGP stands for Border Gateway Protocol and is the core routing protocol of the Internet.
A good example of what can go wrong when someone can inject wrong or false routes into BGP is the story where YouTube became unreachable at the hands of Pakistan Telecom (Renesys blog).

Now how serious is this? Well, just like the DNS issue, it's not the first attack or issue we have seen. So let's not overhype this. There is no money to be made by bringing down the internet. And redirecting routes through BGP is like working with a sledgehammer: it's not really subtle.

Dan Kaminsky has a very good article discussing the SNMP, DNS and BGP issues together, and it is a must-read (doxpara.com). Like he said, it's 2008 and we need to look at some of our core protocols and the way they do authentication and encryption.

(Photo under creative commons from billaday's photostream)
