Here's a [free] discussion of BGP threats from Dan Kaminski at DefCon 16 2008 (including information on what the HomeLand Security and NSA plan to do about it): http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html There's a good indepth discussion of the BGP exploit from the archives of Wired (November 2001 Umar Goldeli, A 30 minute crash-course on BGP 7 years after it was identified). Here are the Actual SLIDES from the DefCon 16 2008 discussion of the BGP inherent flaw: http://blog.wired.com/27bstroke6/files/edited-iphd-2.ppt Patrick McDaniels' Trace of Current Internet BGP Exploits from 2005: http://www.patrickmcdaniel.org/talks/deter-workshop-9-05.pdf Here's the CERT proof of concept from 2004 for the script bgp-dosv2.pl: http://www.us-cert.gov/cas/body/bulletins/SB2004_exploits.html Here's the location of a BGP script from 2004 that runs the BGP Zero Window exploit of sequence numbers from the archives: http://packetstormsecurity.org/0404-exploits/ http://packetstormsecurity.org/papers/protocols/SlippingInTheWindow_v1.0.doc Other script examples exist in the DefCon and 2600 archives from 1995 forward. Extra Credit: Here's the TCP Zero Window Reset exploit (3 way RST handshake exploit 1995 ) [also called "TCP TREASON"]: http://articles.techrepublic.com.com/5100-10878_11-5201771.html http://wapedia.mobi/en/Obnosis | http://en.wiktionary.org/wiki/Citations:obnosis | Obnosis.com (503)754-4452 Laugh at this MSN Footer _________________________________________________________________ Want to read Hotmail messages in Outlook? The Wordsmiths show you how. http://windowslive.com/connect/post/wedowindowslive.spaces.live.com-Blog-cns!20EE04FBC541789!167.entry?ocid=TXT_TAGLM_WL_hotmail_092008