Can you 'fake' an IP address?
Robert Brockway
robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Wed Mar 14 07:28:49 UTC 2012
On Tue, 13 Mar 2012, D. Hugh Redelmeier wrote:
> My picture is that there are two really technically weak links:
>
> - DNS (until DNSsec is deployed and used)
>
> - the global routing system. Just advertise a low cost route to the
> ASN and you'll hijack traffic. Instant man-in-the-middle. Not
> easy to keep secret and requires significant hardware. This has
> been (is being) done by countries.
There is work in this area. RPKI is being worked on actively by the IETF
and the RIRs. Right now it can authenticate end points but they plan on
making it authenticate the entire route to avoid Man-in-the-middle
attacks.
We live in interesting times :)
Cheers,
Rob
--
Email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.practicalsysadmin.com
Director, Software in the Public Interest (http://spi-inc.org/)
Free & Open Source: The revolution that quietly changed the world
"One ought not to believe anything, save that which can be proven by nature and the force of reason" -- Frederick II (26 December 1194 – 13 December 1250)
More information about the Legacy
mailing list