Home page logo

nanog logo nanog mailing list archives

Re: What Worked - What Didn't
From: Chris Woodfield <rekoil () semihuman com>
Date: Mon, 17 Sep 2001 16:51:17 -0400

I can think of one particular ISP's POP where the fiber comes into the 
building from a conduit that comes out of the ground, into a small metal
box, and then into the front of the building. In front of this exposed 
conduit, a small bush was planted. At the time, I joked about how one
well-placed shotgun blast from a car in the parking lot would be all it
took to destroy most, if not all, of that building's connectivity.

As an employee of one of the many companies who have service points at 25
Broadway, I think I'll stop joking about things like that.


On Mon, Sep 17, 2001 at 04:11:26PM -0400, Daniel Golding wrote:

Gee, the only major ISP that uses MD5 for peering links is Verio. That what
you were looking for, Randy? :)

Seriously, BGP session hijacking is the least of our worries. If you want to
hit internet infrastructure, the points of weakness are obvious and
physical. Car bombs at a dozen sites that we all know so well would be
enough to seriously degrade internet communications, particularly if they
were detonated near the fiber entrance facilities.

This underscores the previous concerns mentioned by some about the common
colocation of private peering by major internet carriers. Looks a little
riskier now, yes?

- Daniel Golding

-----Original Message-----
From: Randy Bush [mailto:randy () psg com]
Sent: Monday, September 17, 2001 2:19 PM
To: Daniel Golding
Cc: nanog () merit edu
Subject: RE: What Worked - What Didn't

The big winners were cable TV, email, packet networks and IM applications.
The big losers with cell phones, circuit switching, PSTN, non-akamized
news sites.

no one went after the comms infrastructure.  when they do, i suspect that
we will find the internet is extremely vulnerable.  how many folk even
have md5 auth turned on their bgp peering sessions?  what nievete!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]