On Aug 28, 2008, at 1:40 AM, Jim Popovitch wrote:
On Thu, Aug 28, 2008 at 1:22 AM, Patrick W. Gilmore
<[EMAIL PROTECTED]> wrote:
Assuming it is in the "wrong" place, you may be able to detect the
intrusion. But most people do not run traceroutes all day and
watch for it
to change. If you run the traceroute after the attack starts,
well, how are
you to know that br01-pos07-$FOO-$BAR is wrong and br03-10GE02-
$BLAH-$BAR is
right?
Uhhh... network monitoring with traceroute and topology tools. There
are several off-the-shelf varieties to choose from, and I know of
several providers that use them.
I stand by my assertion that most people do not run traceroutes all
day and watch for it to change.
That some people are diligent does not change the fact the
overwhelming majority of people are not.
Or the fact that with the right placement of equipment (read "luck")
and cooperation of networks involved (read "laziness"), even a
traceroute won't show any change besides additional latency.
--
TTFN,
patrick
