CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 27th, 2008

Border Gateway Protocol Might Be Exploited On Previously Presumed To Be Unavailable Scale

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper’s network. Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can’t always vacuum in traffic within a network, from one AT&T customer to another.

The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs. When a user types a website name into his browser or clicks “send” to launch an e-mail, a Domain Name System server produces an IP address for the destination. A router belonging to the user’s ISP then consults a BGP table for the best route. That table is built from announcements, or “advertisements,” issued by ISPs and other networks — also known as Autonomous Systems, or ASes — declaring the range of IP addresses, or IP prefixes, to which they’ll deliver traffic.

BGP eavesdropping has long been a theoretical weakness, but no one is known to have publicly demonstrated it until Anton “Tony” Kapela, data center and network director at 5Nines Data, and Alex Pilosov, CEO of Pilosoft, showed their technique at the recent DefCon hacker conference. The pair successfully intercepted traffic bound for the conference network and redirected it to a system they controlled in New York before routing it back to DefCon in Las Vegas.

The technique, devised by Pilosov, doesn’t exploit a bug or flaw in BGP. It simply exploits the natural way BGP works. The issue exists because BGP’s architecture is based on trust. To make it easy, say, for e-mail from Sprint customers in California to reach Telefonica customers in Spain, networks for these companies and others communicate through BGP routers to indicate when they’re the quickest, most efficient route for the data to reach its destination. But BGP assumes that when a router says it’s the best path, it’s telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic.

Credit: Wired Blog Network

Share this item with others:

More on CyberInsecure:
  • AlertPay.com Hit By A Massive DDoS Attack, Outage Took A Day To Resolve
  • Computers With Internet Explorer And Google Chrome Installed Are At Risk
  • Zero-day Microsoft Windows NSlookup.exe Vulnerability Exploited In The Wild
  • Skype Encrypted Instant Messages Can Be Eavesdropped
  • One Of CNN Sports Websites Hacked By Chinese Anti-CNN Group

    • Posted in Vulnerabilities | Print This Post Print This Post

    This entry was posted on Wednesday, August 27th, 2008 at 9:18 am and is filed under Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Border Gateway Protocol Might Be Exploited On Previously Presumed To Be Unavailable Scale

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »