nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: key change for TCP-MD5

From: Randy Bush <randy () psg com>
Date: Wed, 21 Jun 2006 17:55:21 -0700


This one is hard to pull off. I think the general conclusion
a couple years ago in the study that Sean Convery and Matt Franz
did was that it was less work to try to own the router or buy your
own AS ;)


this is the "you don't have to run faster than the lion, you
just have to run faster than your friend," theory.  as those
who survived to report are a biased sample, it is not well
tested.

black hats are opportunistic, but not lazy.  they look for
cracks with mamzing diligence.  e.g the recent brilliant
post on cracking the xbox
<http://www.xbox-linux.org/wiki/17_Mistakes_Microsoft_Made_in_the_Xbox_Security_System>.

when low-hanging fruit is unavailable, or when they see a
really cool way to exploit the higher fruit, it would be
prudent to have done something about it.  who cares about
openly recursive dns servers?  there are easier ways to
crack the host.  oops!

unfortunately, this is not just theory.  few talk about the
serious routing attacks that have been seen.

randy
Previous By Date Next
Previous By Thread Next

Current thread: