List, [Apologies in advance for operational content. I Don't mean to distract readers from the usual flamewars about rfc1918, bogon filtering, and some of our favorite posters - gadi and n3td3v.] I'd like to give a heads-up to the NANOG community regarding the talk we recently gave at DEFCON. The slides can be found here: http://eng.5ninesdata.com/~tkapela/iphd-2.ppt In a nutshell, we demonstrated that current lack of secure filtering infrastructure not only permits DoS-like attacks, but also full "traffic monitoring" of arbitrary prefixes from essentially anywhere in the world. None of this should come as surprise to the NANOG and operationally-aware crowd - this has been discussed extensively previously before on-list, and extensively at conferences. Additional novelty presented is the returning of traffic back to victim network over Internet (creative as-path prepends & loop detection) and obscuring the 'additional hops' this sort of thing creates with additive ttl. Suggested additional reading below: http://www.nanog.org/mtg-9802/yu.ppt http://www.nanog.org/mtg-0010/ppt/tony.ppt http://www.nanog.org/mtg-0010/ppt/danny.ppt http://www.nanog.org/mtg-0206/ppt/security1.1.pdf http://www.nanog.org/mtg-0501/pdf/tauber.pdf http://www.nanog.org/mtg-0505/pdf/underwood.pdf http://www.nanog.org/mtg-0510/pdf/deleskie.pdf http://www.nanog.org/mtg-0602/pdf/boothe.pdf http://www.nanog.org/mtg-0610/presenter-pdfs/massey.pdf http://www.nanog.org/mtg-0806/presentations/wednesday/DanMcP_Route_Filter_Pa... http://www.nanog.org/mtg-0806/presentations/sunday/BRGREEN_prefix_filtering_... http://www.renesys.com/tech/presentations/pdf/menog3-youtube.pdf http://www.renesys.com/tech/presentations/pdf/nanog43-hijack.pdf -Tk/P.
URL works again. I had uploaded an edited version of the talk, but forgot to rename it. It's probably good that only a few of you saw the original, as it wasn't quite the 'professional' text that I'd typically write. Permissible and desired presentation formats and language at DEFCON don't have parallels in this venue. Best, -Tk
Anton Kapela wrote:
URL works again. I had uploaded an edited version of the talk, but forgot to rename it. It's probably good that only a few of you saw the original, as it wasn't quite the 'professional' text that I'd typically write. Permissible and desired presentation formats and language at DEFCON don't have parallels in this venue.
Hmmm. I don't know about that. I saw some very good presentations at DefCon. In particular the Tor presentations, nmap presentation, and a couple wireless talks I went to were all quite professionally and tastefully done. Oh the Web Application Firewall stuff was good too. -- Charles Wyble (818) 280 - 7059 http://charlesnw.blogspot.com CTO Known Element Enterprises / SoCal WiFI project
participants (2)
-
Anton Kapela
-
Charles Wyble