cork1958
Cork
join:2000-02-26
Fruitport, MI
 ·Verizon Online DSL
 ·Charter Pipeline
| reply to asdfdfdfdfdfdf
Re: Hole can be closed; but it is costly and disruptive
said by asdfdfdfdfdfdf :I think you are right. What annoys me though, is when I read things like: quote:
who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail."
quote:
Stephen Kent, chief scientist for information security at BBN Technologies, who has been working on solutions to fix the issue, said he demonstrated a similar BGP interception privately for the Departments of Defense and Homeland Security a few years ago.
Our government insists that they need backdoors and broad powers to monitor anyone's communications without fussy things like warrants and they talk of dire scenarios like terrorists bringing down our communications infrastructure and plunging us into chaos and and yet this same government can't be bothered to light fires under some asses to make sure resources are devoted to getting this sort of thing fixed. Should make us wonder whether they believe their own breathless rhetoric. Does ANYBODY believe their breathless rhetoric?
--
The Firefox alternative.
»www.mozilla.org/projects/seamonkey/ |
|
asdfdfdfdfdfdf
@Level3.net
| reply to TKJunkMail
I think you are right. What annoys me though, is when I read things like:
quote:
who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail."
quote:
Stephen Kent, chief scientist for information security at BBN Technologies, who has been working on solutions to fix the issue, said he demonstrated a similar BGP interception privately for the Departments of Defense and Homeland Security a few years ago.
Our government insists that they need backdoors and broad powers to monitor anyone's communications without fussy things like warrants and they talk of dire scenarios like terrorists bringing down our communications infrastructure and plunging us into chaos and and yet this same government can't be bothered to light fires under some asses to make sure resources are devoted to getting this sort of thing fixed.
Should make us wonder whether they believe their own breathless rhetoric. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
|  Given the cost and effort required to close this hole, it may be some time before it is closed.
Kent and BBN colleagues developed Secure BGP (SBGP), which would require BGP routers to digitally sign with a private key any prefix advertisement they propagated. An ISP would give peer routers certificates authorizing them to route its traffic; each peer on a route would sign a route advertisement and forward it to the next authorized hop.
"That means that nobody could put themselves into the chain, into the path, unless they had been authorized to do so by the preceding AS router in the path," Kent said.
The drawback to this solution is that current routers lack the memory and processing power to generate and validate signatures. And router vendors have resisted upgrading them because their clients, ISPs, haven't demanded it, due to the cost and man hours involved in swapping out routers.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? |
|
