Thinking about a physical threat... If you go to 111 8th Ave, NYC, they have added security since 9-11-01, which now requires either building ID or showing a driver's license before entering the building (because terrorists don't have driver's licenses). On some floors (e.g. the 7th), the building risers and conduits are completely exposed. I can't help but wonder how much damage a terrorist attack to that would do.

Also, say someone from a moderately fast internet connection (OC-3) ran nmap across the entire internet on ports like 21, 22, 53, 80, 443, 3306. In one day, they can probably have a list of every server answering those ports, and the versions of the daemons on them. Next, just wait for a wide enough exploit to come out, and then write a Trojan that has a list of every other server vulnerable, and on every hack, it splits the list in 2, and roots another box and gives it the 2nd half of the list.

I estimate that with a wide enough exploit (e.g. apache or openssh), you could probably compromise 20% of the servers on the net within 1 hour, and then have them all begin a ping flood of something "far away" network-wise (meaning a box in NYC would flood a box in SJC, a box in SJC would flood a box in Japan, etc... Trying to have as much bit distance as possible).

Damn scary, but I believe if someone was determined enough, they could take down the whole 'net within one hour of pressing "enter". I suppose there really isn't anything that can be done at this point to make that scenario impossible.

--Phil

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jason Lewis
Sent: Thursday, July 04, 2002 1:57 PM
To: nanog@merit.edu
Subject: Internet vulnerabilities

There is a lot of news lately about terrorist groups doing recon on potential targets. The stories got me thinking. What are the real threats to the global Internet? I am looking for anything that might be a potential attack point.

I don't want to start a flame war, but any interesting or even way-out-there idea is welcome. Is it feasible that a coordinated attack could shut down the entire net? I am not talking DDoS. What if someone actually had the skills to disrupt BGP on a wide scale?

jas