BGP MITM Vulnerability
August 31st, 2008
I’m not sure this whole BGP MITM vulnerability hasn’t been blown way out of proportion. A few more details than are mentioned in the articles can be found in the defcon presentation. [via arstechnica]
The whole point of the Internet is for communication to work, and as mentioned in the article, someone who redirects even a portion of Internet traffic, even for a small prefix, is crazy to begin with. Not only because it will be noticed, but more likely because you end up duplicating traffic: for people not to notice that you’re intercepting, you have to resend the outbound packets to their real destination.
We’ve told people for years that their data on the Internet, if unencrypted, is not safe and never will be. The Internet is a dumb network and it will stay that way. I just can’t imagine each router validating a cryptographic signature on a BGP announcement for each AS in the AS-path. How would that work? It would be interesting to measure the impact that would have on the processor time required.
It’s also interesting to think about the trust-chain and information that would be required to not only know if an announcement really originated in a given AS but also if that AS is authorized to announce that network.
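To make the two questions above concrete (does the announcement really come from the origin AS, is that AS allowed to announce the prefix, and what does per-hop verification cost), here is a small simulation. It is an added example, not code from the post or from the defcon talk. It models an origin authorization table plus a per-hop attestation chain, the shape later standardized as RPKI origin validation and BGPsec path validation. The per-AS "signature" is an HMAC over a constructed per-AS secret standing in for a real asymmetric signature, the ASNs 64500–64503 are private-use numbers, and 203.0.113.0/24 and 198.51.100.0/24 are documentation prefixes; all of that is constructed for the example.

```python
"""Toy model of BGP origin authorization and per-hop path attestation.

Added illustration, not code from the post.  The per-AS 'signature' is an HMAC
with a constructed per-AS secret; a real deployment would use asymmetric keys
and a trust chain, which is exactly the part the post is sceptical about.
AS paths are written origin-first here ([origin, transit, ..., receiver]).
"""
import hashlib
import hmac
import ipaddress
import time

# Constructed authorization table: (prefix, max prefix length, authorized origin AS).
# Documentation prefixes and private-use ASNs, not real allocations.
ORIGIN_AUTH = [
    ("203.0.113.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
]

# Constructed per-AS secrets standing in for each AS's signing key.
AS_KEYS = {
    64500: b"constructed-key-64500",
    64501: b"constructed-key-64501",
    64502: b"constructed-key-64502",
    64503: b"constructed-key-64503",
}


def origin_status(prefix, origin_as):
    """Is origin_as authorized to originate prefix?  Mirrors a ROA-style check:
    the announced prefix must be covered by an entry, the origin must match, and
    the announced length must not exceed the entry's max length (this is what
    flags a more-specific announcement of a covered prefix)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, asn in ORIGIN_AUTH:
        auth = ipaddress.ip_network(auth_prefix)
        if net.version != auth.version or not net.subnet_of(auth):
            continue
        covered = True
        if asn == origin_as and net.prefixlen <= max_len:
            return "origin-valid"
    return "origin-invalid" if covered else "origin-unknown"


def attest_hop(asn, prefix, path_so_far, next_as):
    """AS `asn` attests: 'I received prefix via path_so_far and pass it to next_as'.
    Binding next_as into the attestation is what prevents a third AS from
    replaying the attestation as if it had been the neighbour."""
    msg = f"{prefix}|{','.join(map(str, path_so_far))}|{next_as}".encode()
    return hmac.new(AS_KEYS[asn], msg, hashlib.sha256).digest()


def announce(prefix, as_path):
    """Simulate the origin announcing and every AS on as_path forwarding the
    UPDATE with its own attestation attached."""
    attestations = [
        attest_hop(as_path[i], prefix, as_path[: i + 1], as_path[i + 1])
        for i in range(len(as_path) - 1)
    ]
    return {"prefix": prefix, "as_path": as_path, "attestations": attestations}


def validate(update):
    """What the receiving router would do: check the origin, then verify one
    attestation per hop so that no AS can be added to, removed from, or
    reordered in the AS path without detection."""
    prefix, path, atts = update["prefix"], update["as_path"], update["attestations"]
    status = origin_status(prefix, path[0])
    if status != "origin-valid":
        return status
    if len(atts) != len(path) - 1:
        return "path-missing-attestation"
    for i, att in enumerate(atts):
        if path[i] not in AS_KEYS:
            return "path-unknown-as"
        expected = attest_hop(path[i], prefix, path[: i + 1], path[i + 1])
        if not hmac.compare_digest(att, expected):
            return "path-invalid"
    return "valid"


def microseconds_per_validation(update, rounds=2000):
    """Rough cost of the per-hop verification the post wonders about."""
    start = time.perf_counter()
    for _ in range(rounds):
        validate(update)
    return (time.perf_counter() - start) / rounds * 1e6


if __name__ == "__main__":
    good = announce("203.0.113.0/24", [64500, 64501, 64502])
    print("legitimate path:      ", validate(good))
    # Wrong origin for a covered prefix.
    print("wrong origin:         ", validate(announce("203.0.113.0/24", [64503, 64502])))
    # More specific than the authorized max length.
    print("more-specific prefix: ", validate(announce("203.0.113.0/25", [64500, 64502])))
    # Path with a transit AS cut out but the origin's attestation reused.
    shortened = {"prefix": good["prefix"], "as_path": [64500, 64502],
                 "attestations": good["attestations"][:1]}
    print("shortened path:       ", validate(shortened))
    print(f"~{microseconds_per_validation(good):.1f} us per validation")
```

The timing figure is only for the HMAC toy; with real public-key signatures each hop costs a signature verification, and a router holding hundreds of thousands of prefixes with paths several ASes long would multiply that accordingly, which is the measurement the post asks for. The origin table also shows the second half of the trust problem: the validator is only as good as whoever is trusted to say which AS may announce which prefix.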
If people are not able to configure BGP filtering correctly, how do we think they’re going to be able to deploy any cryptographic solution correctly, let alone get it to work on a global level? Not to mention that certificates will expire and need to be replaced.
btw: this has also been blogged about by Bruce Schneier and Dan Kaminsky.