[ I'm unthreading this, because Anton didn't think to, and I wouldn't want anyone who canned the other thread to miss it. --jra ]
On Thu, Aug 28, 2008 at 11:56:30AM -0400, Steven M. Bellovin wrote:
> On Thu, 28 Aug 2008 10:16:16 -0500
> "Anton Kapela" <[EMAIL PROTECTED]> wrote:
>
> > I thought I'd toss in a few comments, considering it's my fault that
> > few people are understanding this thing yet.
> >
> > >> On Thu, Aug 28, 2008 at 2:28 PM, Gadi Evron <[EMAIL PROTECTED]>
> > >> wrote:
> > >>>
> > >>> People (especially spammers) have been hijacking networks for a
> > >>> while
> >
> > I'd like to 'clear the air' here. Clearly, I failed at Defcon, WIRED,
> > AFP, and Forbes.
> >
> > We all know sub-prefix hijacking is not news. What is news? Using
> > as-path loop detection to selectively blackhole the hijacked route -
> > which creates a transport path _back to_ the target.
> >
> > That's all it is, nothing more. All but the WIRED follow-up article
> > missed this point *completely.* They over-represented the 'hijacking'
> > aspects, while only making mention of the 'interception' potential.
> >
> > Let's end this thread with the point I had intended two weeks ago:
> > we've presented a method by which all the theory spewed by academics
> > can be actualized in a real network (the big-I internet) to effect
> > interception of data between (nearly) arbitrary endpoints from
> > (nearly) any edge or stub AS. That, I think, is interesting.
>
> Indeed, and I thank you for it. As noted, I and others have been
> warning about the problem for a long time. You've shown that it isn't
> just an ivory tower exercise; maybe people will now get serious about
> deploying a solution.
>
> To quote Bruce Schneier quoting an NSA maxim, attacks only get better;
> they never get worse. We now have running code of one way to do this.
> I think most NANOG readers can see many more ways to do it. A real
> solution will take years to deploy, but it will never happen if we
> don't start. And we want to have the solution out there *before* we
> see serious attacks on BGP.
>
> Again, thank you -- it was really nice work.
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb

Cheers,
-- jra
--
Jay R. Ashworth                   Baylink                      [EMAIL PROTECTED]
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

             Those who cast the vote decide nothing.
             Those who count the vote decide everything.
               -- (Josef Stalin)