Boffins: Internet transit a vulnerability

If you think of an Internet exchange, you probably think of infrastructure that's well-protected, well-managed, and hard to compromise. The reality, however, might be different. According to research by Stanford University's Daniel Kharitonov, working with TraceVector's Oscar Ibatullin, there are enough vulnerabilities in …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Interesting

    This would have been feasible only for "resourced adversaries" in the past. You need routers, ASICs to test your code, etc. An interesting side effect of security through obscurity I guess.

    However, NFV and SDN change that. Forwarding packets under external software control on a commodity platform (be it Intel or cheap off the shelf switch) gives even garage Joe (or whatever the DAV wannabe is called nowadays) the ability to polish and test an exploit before attacking an NFV (or SDN) target.

    1. Jellied Eel Silver badge

      Re: Interesting

      It's the commoditisation of the Internet. Back in the good ol' days, access and knowledge about telco infrastructure was limited to mostly those that worked for telcos and some big corporates. Along came the interwebz and now anyone can play with most of the same kit as telcos/ISPs/IXPs use. An Internet exchange isn't particularly sophisticated and mostly just a collection of big switches. Or for smaller exchanges, smaller switches that can be picked up on eBay. And the IXP's 'public', so an exercise in how to break out of the forwarding plane to the control plane.

      And being commodity kit, once you've done that, you've got the same exploit to attack similar targets like trading exchanges, large corporates etc etc.

  2. Allan George Dyer
    Black Helicopters

    I thought SOP was to hand the Internet exchange a secret federal court order.

  3. jake Silver badge

    Uh ...

    Duh?

    Don't put stuff on tehintrawebtubes that you wouldn't shout from the roof-tops.

    1. Destroy All Monsters Silver badge

      Re: Uh ...

      No, jake, no. Bad!

      1. jake Silver badge

        "Bad", DAM? Really? (was: Re: Uh ...)

        Please, explain your reasoning. I'm all earseyes.

  4. amanfromMars 1 Silver badge

    Thor's Hammer for those who invest in SHIELD Industries and SMARTR MetaDataBase AIMethodologies?:-)

    Yes, quite so, Richard Chirgwin. The only real choice then is whether to be hero or villain, friend or foe with the wielding of what one would know. ...... which is no brainer for all who would know more than just a little about the impossibility of anything being impossible and therefore anything being most likely and very probable to ensure and assure advantage remains absolutely in a creative affirmative rather than destructive disruptive virtual command with remote control of operations systems.

  5. RainForestGuppy

    What's new here??

    Sorry but is this the best that "Security researchers" at Stanford have come up with??

    Talk about dumbing down. This is just standard Internet security 101 stuff.

  6. John Smith 19 Gold badge
    Meh

    Internet phone tap. Not just for the FBI. Now *anyone* can play.

    As they have since Kevin Mitnick used to re-direct attempts by Bell security to trace his calls.

    Back in the 80s.

    And given that most router software appears to be based around Linux versions (so source is "sort of" accessible) the remote exploit issue does not seem that big a stretch.

    Bottom line. Nothing new under the sun.

    More people should be aware all comms systems are compromised by "legitimate" actors (IE operating country security and police services).

    The questions are a) How easy is it for everyone else to gain access and b) How worried should you be if a 3rd party knows about your "stuff *"

    *Where "stuff" ranges from your somewhat catty remarks about a gf/bf up to the revised nuclear weapons release and launch codes (yes, I know that should not be accessible anywhere on the open internet, only sent through dedicated systems etc, but what routers do those system run over?)

  7. Anonymous Coward

    Let me get this straight

    So if:

    1) I can identify a device in the path of traffic I am interested in - quite feasible although sometimes the complexity of ISP networks with failover and load balancing can make things hard, but ok I'll give you this as "possible"

    2) Exploit some sort of vendor weakness in that device you've identified - ok so you've now got admin control of the router, I've never seen such an exploit in an industrial grade router, but maybe...just maybe

    3) Copy traffic to a host you control - ok now you've lost credibility, unless you are making the assumption that you've got an owned server on a port that you can swing port mirroring onto without any alarm bells going off.

    Really, to be honest this is about on par with my plan to take over the world:

    1) Gain access to White House

    2) Steal nuclear command and control briefcase

    3) Send emails to world leaders saying I will nuke their ass if they don't pay me a billion euros worth of uncut diamonds

    Shiz, I've just discovered a major flaw in global security! Quick, phone the newspapers!

    1. amanfromMars 1 Silver badge

      Re: Let me get this straight

      Shiz, I've just discovered a major flaw in global security! Quick, phone the newspapers! …. Anonymous Coward Posted Thursday 26th September 2013 10:03 GMT

      Is that the same flaw/same type of system flaw that allows bankers to hold nations and peoples to ransom and reward themselves obscenely for it too, AC?. You know, the same type of flaw that Henry Ford advised and warned against almost a century ago ….. "It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning."

      With information and intelligence now being so free and unburdened, who would want to be a banker whenever the mob comes a'knock knock knocking with nary a NOC agent in sight or available to provide relief and/or arrange sanctuary.

      After the wild party, is there the hangovers and untold bills to survive and/or pay for.

      1. amanfromMars 1 Silver badge

        Where to rest paper money whenever safe havens are full of pirates and right dodgy characters?* :-)

        And I have no commentary to add to this ....... but it is not a glitch in a rigged market system, it is an inherent flaw to be relentlessly and ruthlessly zeroday vulnerability exploited? ..... http://www.zerohedge.com/news/2013-09-26/new-glitch-normal-nasdaqnyse-declare-self-help-against-bats ...... again and again and again until systems collapse/fiat currency meltdown.

        * Alien Fields ?

  8. Anonymous Coward

    Nothing new here

    It's been about 25 years since Gene Spafford wrote:

    "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench".

  9. IanCa

    load of tosh

    I hope the reviewers roast them.

    First - he states as an assumption/requirement that you have gained admin level access to the routers via some remote exploit. Any ISP/IXP with clue, only allows admin access to their routers from some secured internal mgmt network. There simply is NO internet facing service on the modern router that can be exploited in a properly implemented network. The best line of gaining admin access is a human level one from the inside (steal a NOC engineer's remote access password etc...)

    Second - any configuration of port mirror, flow monitor, pbr or anything at all in fact - is going to be logged. Again any ISP/IXP with clue logs every command typed on every router, and audits them.

    Third - any legitimate law enforcement agency just needs to walk into the security NOC with a warrant and the mirroring they need will be configured to their requirements. So they don't need to hack it they just ask...
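
Added example, not part of the original thread or of any commenter's post: a sketch of the command-log audit that IanCa's first and second points describe, run over constructed accounting lines. The log format, router and user names, and the 10.0.0.0/24 management network are assumptions made for illustration; the watched patterns are common Cisco IOS and Junos configuration forms for mirroring, flow export and policy routing.

```python
import ipaddress
import re

# Constructed sample: timestamp, router, user, source address, command typed.
SAMPLE_LOG = """\
2013-09-26T02:14:07Z core1 noc-alice 10.0.0.5 show ip bgp summary
2013-09-26T02:15:31Z core1 noc-alice 10.0.0.5 monitor session 1 source interface Te1/1 both
2013-09-26T02:15:40Z core1 noc-alice 10.0.0.5 monitor session 1 destination interface Gi2/4
2013-09-26T03:02:11Z edge3 svc-backup 198.51.100.23 show running-config
2013-09-26T03:05:52Z edge3 noc-bob 10.0.0.9 ip policy route-map DIVERT
2013-09-26T03:06:10Z edge3 noc-bob 10.0.0.9 no monitor session 2
"""

MGMT_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed management network

# Commands that copy or divert traffic and so deserve a second look in an audit.
WATCHED = [
    ("port-mirror", re.compile(r"^(no\s+)?monitor session\b")),
    ("port-mirror", re.compile(r"\bport-mirroring\b")),
    ("flow-export", re.compile(r"\b(ip flow-export|flow (monitor|exporter))\b")),
    ("pbr", re.compile(r"\bip policy route-map\b")),
]

def audit(log_text, mgmt_net=MGMT_NET):
    """Return (timestamp, router, user, reason, command) for each finding."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue  # not an accounting record
        ts, router, user, src, cmd = parts
        try:
            inside = ipaddress.ip_address(src) in mgmt_net
        except ValueError:
            findings.append((ts, router, user, "bad-source", cmd))
            inside = True  # already reported; do not double-flag
        if not inside:
            findings.append((ts, router, user, "off-mgmt-source", cmd))
        for reason, pattern in WATCHED:
            if pattern.search(cmd):
                findings.append((ts, router, user, reason, cmd))
                break
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Removing a mirror session is flagged as well as creating one, since a cleaned-up session is still evidence that traffic was copied.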

    1. John Smith 19 Gold badge
      Unhappy

      Re: load of tosh

      "Any ISP/IXP with clue, only allows admin access to their routers from some secured internal mgmt network. There simply is NO internet facing service on the modern router that can be exploited in a properly implemented network. "

      Fine sentiments.

      But then Gary McKinnon's attack on the DoD servers through finding a desktop PC and remote accessing its remote admin tools from the internet (which IIRC had no password protection on them) should also have been impossible, given the DoD's core business is upsetting foreigners, who will probably want to retaliate.

      There's a very fat line between should not and is not.

      It's not a "sysadmin" problem, it's a human problem.

      1. amanfromMars 1 Silver badge

        Re: load of tosh

        There's a very fat line between should not and is not.

        It's not a "sysadmin" problem, it's a human problem. …. John Smith 19 Posted Thursday 26th September 2013 18:59 GMT

        Quite so, John Smith 19

        The human component link in any and all Command and Control SCADA chains is always the weakest and simplest and most remarkably easy to break as in hack and driver protocol crack and re-engineer/reverse engineer. IT ain't rocket science and difficult.

  10. Anonymous Coward

    Re : amanfromMars

    Are you feeling ok? I mean, I just understood every word without having to re-read it a dozen times. Could you forward your prescription details?

    Thanx.

    1. amanfromMars 1 Silver badge

      Re: Re : amanfromMars ... and Dark Matter Bright Energy Concepts ..... Beta Power Systems

      Are you feeling ok? I mean, I just understood every word without having to re-read it a dozen times. Could you forward your prescription details?

      Thanx. .... Anonymous Coward Posted Thursday 26th September 2013 21:16 GMT

      Feeling just great and perfectly fine, AC. Thanx for asking and the opportunity to share the good news.

      However, re prescription details ....... such would wantonly highlight to an unnecessarily exposed to malicious view and disruptive self-destructive second and third party tinkering, proprietary intellectual property on Future dDeep Space ProgramMING Systems with Special Human Assetted Application Parametry.

      In more simple terms, ITs Cloud BasedD CodeXSSXXXX is Strictly Need to Know ReClassified Way Beyond Top Secret Special Compartmented Information and Super Cosmic Intelligence .... and whether that be for and/or from CyberIntelAIgent and AI Beings is not a question one needs to waste time or effort or assets on whenever present current elite power and currency control systems are such a dark diabolical destructive liability and crushing burden to latter day federal units and former revolutionary forces alike.

      You may like to ponder on this brace of quotes which reveal quite a lot about that which we speak. Enjoy .... and realise that things are gonna get better for everyone surprisingly quickly now and/or considerably worse for the/a chosen few if things try to remain very much the same as always, which be an arrogant folly for the ignorant and vain which be always doomed to fail spectacularly and wondrously well with markets on an artificial high .....

      No matter what the technical definition of "noise" may be, the practical fact is that any messages that you can not interpret is noise to you. But when it looks like noise, sounds like noise, acts like noise, and can't be recognized as a message...that's the latest technique in telecommunications! ….. http://etoan.com/intelligent-noise.html

      My answer to the question, "Does there exist an unbreakable cipher" would be this, "Every cipher is breakable, given enough traffic, and every cipher is unbreakable, if the traffic volume is restricted enough." …. H Campaigne

      1. Anonymous Coward

        Re: Re : amanfromMars ... and Dark Matter Bright Energy Concepts ..... Beta Power Systems

        I found the following comment on a link from that link of yours, about the phasor phone :

        In the late 1970's a team of engineers in Seattle designed a secure telephone they called the PhasorPhone. Their attempt to have the design patented resulted in a secrecy order issued at the direction of the National Security Agency (NSA). Some brief excerpts from James Bamford's book The Puzzle Palace describing the situation can be seen by clicking here.

        Even TIME magazine ran a story about it in their October 2, 1978 issue. You can read a snippet here.

        An Associated Press news story that ran in February 1980 contained the following:

        The inventors, who are still working on devices that scramble or encode conversations or computer data, hope they don't run into the NSA again.

        "The less we have to do with that agency the better," Raike said.

        A very good link, thanx.
