Just a FYI folks....from one of the hacker lists I'm on...
Speaking of taking down the internet
Extra points for only needing to affect one device and having that device successfully spread the payload to every other device as a part of it's routine network communications. Think you can't cross boundaries between different chipsets as implemented by different vendors (i.e. Cisco exploit code which wouldn't presumably work on Foundry gear)? Think again. Think polymorphic multi-architecture assembly. Think stuff that we were doing for fun in a hotel room at Defcon two years ago.
Heh. That's fucking evil, Dan. That's completely fucking evil. I like it. The only problem I can see with it is that it'd take a lot of space. Routers are tight on how much you can fit into 'em, and I think you'd stand a good chance at setting off an alarm somewhere by adding that much code. But maybe not... you could even store the code remotely... have your evil router 'upgrade' it's neighbors. But then you might get caught by an IDS system. Probability is low on that happening, though. Needle in a haystack.
How about using the same plan, except instead of just making the routing infrastructure go dead, how about spicing it up a little and have it go after the root DNS servers? Thousands of devices on the backbone stuffing a DoS down an OC192 circuit at 9.6 Gigs per second would certainly have folks confused, I'd imagine. Especially if you spoofed the source addresses.
Every time they trace the attack back to the other side of yet another router, it looks like the problem is further away. People would be completely mystified. Traffic coming from the routers would just look like traffic coming from something on the other side of the routers. And it would be... each router would be generating (and routing) a huge attack. And as pretty much all communication would be down, even if a couple folks figured it out, they'd have no easy way to spread the word of what was happening. Although I'm sure it would certainly hit the news.
Having said all of that, it's a cool (in the sense of being skillful) attack against the Global Data Network, but hardly the easiest. It would probably cost lots less overall to just crash something big or something that goes boom over at Verisign and/or some places in the EU. I'm sure they have plumbing. Computers still don't like water.
And fiber still doesn't like tractors ;-)
Hmmm...? You make the decision if this is relevant...you didn't hear it from me...