A new security hole in the Internet Protocol is potentially the most severe ever discovered, according to a presentation by security experts Anton Kapela and Alex Pilosov. The two have revealed that the inherent nature of the Border Gateway Protocol (BGP), which is essential for optimizing and routing traffic on the Internet, allows a hacker to redirect traffic to his own servers and forward it along without interrupting connections or otherwise immediately exposing the attack. The method would allow a malicious user either to spy on unprotected traffic or to ‘poison’ the data with altered code before it reaches its destination.
The method can’t easily be fought since the BGP protocol itself requires an explicit level of trust to work as written, the experts say. The currently proposed solution would rely on BBN Technologies chief security scientist Stephen Kent’s recently developed Secure BGP standard, which would force each router online to sign its routing map data and let network providers determine whether or not they will accept changes made by that router. A provider could establish blacklists that cut off unknown or actively hostile routers.
This one was reported at the latest DefCon. Well, more accurately, it was reported after DefCon, when they revealed what they had been doing. The network at DefCon is filled with a bunch of nasty things floating around and is definitely not for the faint of heart. At the same time, there is also a group of admins that are constantly tending to the network to make sure this sort of goofiness is squashed. The fact that this went unnoticed is pretty amazing… and scary!
Would your corporate network realize such an attack was taking place?
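For the closing question, here is one way a network could check a BGP route feed for announcements that affect its own address space. This is an added example, not part of the original post or the researchers' presentation. It assumes the redirection shows up as an announcement of your prefix, or of a more specific piece of it, from an origin AS you did not authorize; the prefixes, AS numbers, peer names and the `classify` and `alerts` helpers are all constructed for illustration.

```python
import ipaddress

# Assumed inventory: prefixes we originate and the ASNs allowed to originate them.
# Constructed values (documentation address space and documentation ASNs).
EXPECTED = {
    ipaddress.ip_network("203.0.113.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/24"): {64500, 64501},
}

# Constructed sample of announcements as seen from two route-feed peers.
OBSERVED = [
    {"peer": "rc1", "prefix": "203.0.113.0/24", "as_path": [64510, 64500]},
    {"peer": "rc1", "prefix": "203.0.113.0/25", "as_path": [64510, 64505]},
    {"peer": "rc2", "prefix": "198.51.100.0/24", "as_path": [64510, 64511]},
    {"peer": "rc2", "prefix": "192.0.2.0/24", "as_path": [64510, 64502]},
]

def classify(prefix, as_path):
    """Classify one observed announcement against the inventory."""
    if not as_path:
        return "malformed"
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the last AS in the path is the originator
    for ours, allowed in EXPECTED.items():
        if net.version != ours.version:
            continue  # subnet_of() raises TypeError on mixed IPv4/IPv6
        if net == ours:
            return "ok" if origin in allowed else "origin-mismatch"
        if net.subnet_of(ours):
            # A longer prefix wins longest-prefix match and pulls traffic
            # away even while our own announcement is still visible.
            return "more-specific"
    return "unrelated"

def alerts(observed):
    """Return (verdict, prefix, origin AS, peer) for suspicious announcements."""
    out = []
    for ann in observed:
        verdict = classify(ann["prefix"], ann["as_path"])
        if verdict not in ("ok", "unrelated"):
            origin = ann["as_path"][-1] if ann["as_path"] else None
            out.append((verdict, ann["prefix"], origin, ann["peer"]))
    return out

if __name__ == "__main__":
    for alert in alerts(OBSERVED):
        print(alert)
```

Because the traffic is forwarded on without interrupting connections, a check like this has to run against routes as seen from outside your own network, since hosts inside it notice nothing.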