Researchers Probe Dark and Murky Net
Kevin Poulsen, SecurityFocus 2001-11-12

Study finds hackers and military sites lurking in the Internet's phantom zones

Researchers Probe Dark and Murky Net - no surprise! 2001-11-13
Anonymous (1 replies)
Is this really surprising? The complexities of BGP4 allow plenty of room for mistakes. BGP began its life in 1989... the current version (BGP-4) was not developed until 1994. Hardly the "age of innocence" of the Internet.

In any case launching an attack from "dark" address space requires eithe...

Researchers Probe Dark and Murky Net - no surprise! 2001-11-15
John
I agree with this comment. In order to compromise the routing announcements or routing tables, the attacker has to have certain access to the router. By the way, a router doesn't have too many ports open (not too many services) either. ...

Researchers Probe Dark and Murky Net - and don't filter routes 2001-11-13
Xam 4t wi2600 d0t org (4 replies)
While reading this, a few things came to mind:

- It seems that at least a few people are observing RFC1918 addresses showing up in routing tables. This is rather interesting in and of itself; would it not make sense (as a router administrator) to filter announcements (or summarizations that include...

Researchers Probe Dark and Murky Net - and don't filter routes 2001-11-14
Eoghan
I would not assume the "Dark and Murky Nets" are RFC1918; what about 0.0.0.0/8 or 1.0.0.0/8 or even 7.0.0.0/8?

There are lots of reserved IP addresses that are not generally in use or even assigned...

Researchers Probe Dark and Murky Net - and don't filter routes 2001-11-15
dellp at cbs dot curtin dot edu dot au
I thought the problem was people creating realistic (i.e. not RFC1918) but still bogus addresses. For example if the network 198.25.84.0 isn't used, just configure a compromised router to route traffic for this address block and kill it when you're finished.

...

Researchers Probe Dark and Murky Net - and don't filter routes 2001-11-15
Anonymous
I agree. I block 1918 addresses at my firewall but I do not at my Cisco, and a few systems sit outside the firewall. I sit here convinced the only reason I block on my firewall is because that is the default in FreeBSD....

Researchers Probe Dark and Murky Net - and don't filter routes 2001-11-15
Anonymous
I know that SprintLink filters out RFC1918 and other questionable address space from their backbone. (I used to work there). And from some of the routing tables I have observed from UUnet they do too. Now that's fine and dandy but it doesn't account for all the knuckleheads out there that don't know...

Researchers Probe Dark and Murky Net 2001-11-14
Anonymous
We have seen it here in Brazil in 1996. Attacks coming from some blocks *in* the Brazilian address-spaces, but with no "official" designation to any company/organization.

In those times, we assume that Brazilian backbone's routing was not authenticated, so everyone can inject routes via a simple ...

Researchers Probe Dark and Murky Net 2001-11-15
Father
In ye old Cyberpunk (Anyone remember that?) game, it was called "Wilderspace". ...

New routing standards 2001-11-15
Anonymous
What we need are new routing standards that allow and/or demand authentication. We also need this for DNS too.

Hell, let's overhaul the Internet... [snicker]

anubis (at) dc.net. (dot) . [email concealed]

Private IPs are being used by larger ISPs 2001-11-15
Linolil (1 replies)
There is one interesting factoid, which may explain the blackholes in the broadband ISP space. Running an outbound traceroute from nodes hosted by some of the larger ISPs will show that they are using RFC-1918 IP space in their public routers.

Sprintbroadband and @home traceroutes show that they...

Private IPs are being used by larger ISPs - Two Layers 2001-11-16
Robby
For @home customers, the service provider utilizes the address space of its customers as residing inside a firewall so that they can prevent customers running winblows from sharing their HDD with the world.

Thus, to @home, my cable modem is on an internal network.

Me/My Home Network (NAT Fir...

Researchers Probe Dark and Murky Net 2001-11-15
Anonymous (1 replies)
Just try and convince that self-proclaimed computer expert (usually your boss) that the 17GB of traffic through your system this weekend wasn't old Mrs Beltz in accounting downloading kiddie porn, that in fact it was two script kiddies from Halifax DDoSing the web hosting service which recently kick...

Researchers Probe Dark and Murky Net 2001-11-16
Anonymous
Enable netflow stuff on a Cisco router, and log, log, log. That really helps you figure out the type of traffic going through your network, and also (optionally) helps with billing.

...

Probe Dark & private addressroom 2001-11-16
Anonymous


heh, ISPs are using private addresses for PtP links and IX, so it isn't so rare.

...

Researchers Probe Dark and Murky Net 2001-11-16
Anonymous
Why should 10/8, or any other 1918 addresses, matter on transit networks?

@Home has been doing this for years; granted during traceroutes it sucks since you can't do the PTR lookup on say 10.117.3.1.

But why waste address space on two HDLC or PPP interfaces? I thought we were supposed to be "...

Copyright 2009, SecurityFocus