North American Network Operators Group

Speaking of taking down the internet

  • From: blitz
  • Date: Tue Jul 02 03:14:50 2002

Just a FYI folks....from one of the hacker lists I'm on...


Speaking of taking down the internet

> Extra points for only needing to affect one device and having that device
> successfully spread the payload to every other device as a part of its
> routine network communications. Think you can't cross boundaries between
> different chipsets as implemented by different vendors (i.e. Cisco exploit
> code which wouldn't presumably work on Foundry gear)? Think again. Think
> polymorphic multi-architecture assembly. Think stuff that we were doing for
> fun in a hotel room at Defcon two years ago.

Heh. That's fucking evil, Dan. That's completely fucking evil. I like it.
The only problem I can see with it is that it'd take a lot of space.
Routers are tight on how much you can fit into 'em, and I think you'd
stand a good chance at setting off an alarm somewhere by adding that much
code. But maybe not... you could even store the code remotely... have your
evil router 'upgrade' its neighbors. But then you might get caught by an
IDS system. Probability is low on that happening, though. Needle in a
haystack.

How about using the same plan, except instead of just making the routing
infrastructure go dead, how about spicing it up a little and have it go
after the root DNS servers? Thousands of devices on the backbone stuffing
a DoS down an OC192 circuit at 9.6 Gigs per second would certainly have
folks confused, I'd imagine. Especially if you spoofed the source
addresses.

Every time they trace the attack back to the other side of yet another
router, it looks like the problem is further away. People would be
completely mystified. Traffic coming from the routers would just look like
traffic coming from something on the other side of the routers. And it
would be... each router would be generating (and routing) a huge attack.
And as pretty much all communication would be down, even if a couple folks
figured it out, they'd have no easy way to spread the word of what was
happening. Although I'm sure it would certainly hit the news.

> Having said all of that, it's a cool (in the sense of being skillful)
> attack against the Global Data Network, but hardly the easiest. It would
> probably cost lots less overall to just crash something big or something
> that goes boom over at Verisign and/or some places in the EU. I'm sure they
> have plumbing. Computers still don't like water.

And fiber still doesn't like tractors ;-)
Hmmm...? You make the decision if this is relevant...you didn't hear it from me...