
On Sat, 16 Sep 2000, Timothy Brown wrote:

:
:a) Has there ever been a published man-in-the-middle attack of someone using
: BGP to affect someone else's network?
:b) Does anyone know of other groups that are focusing on developing new ways
: of combating the vulnerabilities?

You won't see much of this in the wild. Some route spoofing, using an unauthenticated IGP, that gets redistributed into BGP has been known to happen occasionally though.

Insertion attacks against BGP are difficult because the sessions tend to be over a single physical wire between peers. Sniffing the TCP session using something like 'hunt' and then doing insertion would require control of an intermediate switch between peers (which has also been known to happen).

If you are interested in other attacks against BGP, please see http://www.blackhat.com/html/bh-usa-99/bh3-speakers.html and look for the BGP talk. In hindsight, I think there are a couple of technical errors, but you'll get the idea.

Jeremy Rauch from SecurityFocus.com has a presentation in more recent Blackhat conferences about routing protocols in general.

I also noticed that Internet Routing Architectures Second Edition, published this year, provides remedies to the problems I brought up in this presentation. They weren't anything really new, but they were new for many folks in the security biz. Thus I'm not terribly offended at not being mentioned as a reference in the new edition ;) (would have been nice tho)

Most of the security problems affecting BGP peers are IGP redistribution (inward and outward), community configuration, and little in the way of implemented authentication by most vendors at the time.

The biggest problem is bad filtering or a lack of proper filtering, and people still doing simple as_path based filtering and not filtering by specific prefix/len.

--
batz
Chief Reverse Engineer
Superficial Intelligence Research
Defective Technologies
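The gap between as_path-only filtering and filtering by specific prefix/len, raised at the end of the message above, shown as an added example that is not part of the original post. The peer AS 64500, the documentation prefixes, the allowed lengths and the update list are all constructed assumptions.

```python
import ipaddress
import re

# Constructed inbound policy for one hypothetical customer peer, AS 64500.
AS_PATH_REGEX = re.compile(r"^64500( 64500)*$")  # as_path-only filter (prepends allowed)
PREFIX_LIST = [  # (network, min_len, max_len), like "permit 203.0.113.0/24 le 25"
    (ipaddress.ip_network("192.0.2.0/24"), 24, 24),
    (ipaddress.ip_network("203.0.113.0/24"), 24, 25),
]

def as_path_permits(as_path: str) -> bool:
    """Accept any update whose AS path consists only of the peer's AS."""
    return bool(AS_PATH_REGEX.match(as_path))

def prefix_permits(prefix: str) -> bool:
    """Accept only prefixes inside an allowed block with an allowed length."""
    net = ipaddress.ip_network(prefix)
    for allowed, min_len, max_len in PREFIX_LIST:
        if (net.version == allowed.version and net.subnet_of(allowed)
                and min_len <= net.prefixlen <= max_len):
            return True
    return False

def evaluate(updates):
    """Return (prefix, as_path_only_verdict, as_path_plus_prefix_verdict)."""
    results = []
    for prefix, as_path in updates:
        by_path = as_path_permits(as_path)
        results.append((prefix, by_path, by_path and prefix_permits(prefix)))
    return results

# Constructed updates as (prefix, AS path) pairs.
UPDATES = [
    ("192.0.2.0/24", "64500"),         # registered prefix, expected path
    ("203.0.113.0/25", "64500 64500"), # registered block, allowed length, prepended
    ("198.51.100.0/24", "64500"),      # not this peer's space (e.g. IGP redistribution leak)
    ("192.0.2.128/25", "64500"),       # more specific than the policy allows
    ("0.0.0.0/0", "64500"),            # default route
    ("192.0.2.0/24", "64500 64511"),   # right prefix, unexpected path
]

if __name__ == "__main__":
    for prefix, path_only, combined in evaluate(UPDATES):
        print(f"{prefix:18} as_path-only={path_only!s:5} as_path+prefix/len={combined}")
```

Three of the six updates pass the as_path filter on the path alone and are only stopped once the prefix and length are checked as well.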