peterw
New Member
The New Threat: Targeted Internet Traffic Misdirection
Traffic interception has certainly been a hot topic in 2013.
The world has been focused on interception carried out the old fashioned way,
by getting into the right buildings and listening to the right cables.
But there’s actually been a significant uptick this year in a completely different kind of attack,
one that can be carried out by anybody, at a distance, using Internet route hijacking.
After consultations with many of the affected parties, we’re coming forth with some details in
the hope that we can make this particular vulnerability obsolete.
Example 2: Icelandic Traffic Diversion
After this “first light” from Iceland in May, there were
no more route hijacks from Iceland for more than two months.
Then, at 07:36:36 UTC on July 31st 2013, Icelandic provider
Opin Kerfi (AS48685) began announcing origination routes for 597 IP networks
owned by one of the largest facilities-based providers of managed services
in the United States, a large VoIP provider. On a normal day,
Opin Kerfi normally originates only three IP networks, and has no downstream AS customers.
True words. Can't believe that this is happening and nobody cares.Implications
In practical terms, this means that Man-In-the-Middle BGP route hijacking
has now moved from a theoretical concern to something that happens fairly regularly,
and the potential for traffic interception is very real. Everyone on the Internet —
certainly the largest global carriers, certainly any bank or credit card processing
company or government agency —
should now be monitoring the global routing of their advertised IP prefixes.
Last edited by a moderator:
