BGP and TCP TREASON
Lisa Kachold
lisakachold at obnosis.com
Sat Oct 18 09:36:37 MST 2008
Here's a [free] discussion of BGP threats from Dan Kaminski at DefCon 16 2008 (including information on what the HomeLand Security and NSA plan to do about it):
http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html
There's a good indepth discussion of the BGP exploit from the archives of Wired (November 2001 Umar Goldeli, A 30 minute crash-course on BGP 7 years after it was identified).
Here are the Actual SLIDES from the DefCon 16 2008 discussion of the BGP inherent flaw:
http://blog.wired.com/27bstroke6/files/edited-iphd-2.ppt
Patrick McDaniels' Trace of Current Internet BGP Exploits from 2005:
http://www.patrickmcdaniel.org/talks/deter-workshop-9-05.pdf
Here's the CERT proof of concept from 2004 for the script bgp-dosv2.pl:
http://www.us-cert.gov/cas/body/bulletins/SB2004_exploits.html
Here's the location of a BGP script from 2004 that runs the BGP Zero Window exploit of sequence numbers from the archives:
http://packetstormsecurity.org/0404-exploits/
http://packetstormsecurity.org/papers/protocols/SlippingInTheWindow_v1.0.doc
Other script examples exist in the DefCon and 2600 archives from 1995 forward.
Extra Credit: Here's the TCP Zero Window Reset exploit (3 way RST handshake exploit 1995 ) [also called "TCP TREASON"]:
http://articles.techrepublic.com.com/5100-10878_11-5201771.html
http://wapedia.mobi/en/Obnosis | http://en.wiktionary.org/wiki/Citations:obnosis | Obnosis.com (503)754-4452
Laugh at this MSN Footer
_________________________________________________________________
Want to read Hotmail messages in Outlook? The Wordsmiths show you how.
http://windowslive.com/connect/post/wedowindowslive.spaces.live.com-Blog-cns!20EE04FBC541789!167.entry?ocid=TXT_TAGLM_WL_hotmail_092008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081018/615cf4d3/attachment.htm
More information about the PLUG-discuss
mailing list