Metasploit mailing list archives
Hijacking huge chunks of the internet
From: natron at invisibledenizen.org (natron)
Date: Thu, 28 Aug 2008 10:46:07 -0500
Here's a copy of their presentation in ppt format, which when viewed as a presentation is much easier than the PDF on defcon's website.

http://blog.wired.com/27bstroke6/files/edited-iphd-2.ppt

The problem wouldn't be that this is not scriptable; that's a technical hurdle. I assumed you had to be in a semi-privileged position, e.g. you have to be an ISP or similar to have any ability to submit route update info to other AS routers... However, it appears you can submit additional routes via email (see slide 10).

If you go to the site referenced there (http://altdb.net/) you'll see this: "To submit objects, send email to auto-dbm at altdb.net".

I assume altdb isn't the only site of its type out there. If you can find one that will process your update and/or if you can get their email system to accept a spoofed email from a legitimate source of updates, it would appear you could get them to make the changes for you. At that point, traffic would be forwarded to the AS of your choice -- but you'd still need to control that AS to be able to get traffic to hit the router/machine of your choice.

Can anyone comment on this?

N

2008/8/28 Wright, Gareth <G.Wright at west-cheshire.ac.uk>

Just having a look at the paper now, and yes most does look scriptable. I'm yet to dive into Ruby, but now is as good a time as any.

*From:* Konrads Smelkovs [mailto:konrads.smelkovs at gmail.com]
*Sent:* 28 August 2008 10:31
*To:* Wright, Gareth
*Subject:* Re: [framework] Hijacking huge chunks of the internet

I looked at a paper "Stealing The Internet" presented at defcon 16 and a lot of that stuff looks scriptable.

--
Konrads Smelkovs
Applied IT sorcery.

On Thu, Aug 28, 2008 at 12:14 PM, Wright, Gareth <G.Wright at west-cheshire.ac.uk> wrote:

An interesting article was posted on the register today regarding the exploitation of the Border Gateway Protocol, in which:

"Kaminsky also said pulling off the BGP attack would require a level of expertise that exceeded typical attacks, such as the ubiquitous SQL injection exploits or those targeting the DNS bug. "Theres not going to be a Metaspoit module that any kid can run that can go ahead and run this attack," he said."

(Poor spelling and grammar copied direct from article)

http://www.theregister.co.uk/2008/08/27/bgp_exploit_revealed/

Slightly more technical detail supplied here
http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

Gareth

_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework