Re: PI/metro/geo [Re: The state of IPv6 multihoming development]

[RJ Atkinson <rja@extremenetworks.com>]

On Tuesday, Nov 5, 2002, at 12:21 America/Montreal, Iljitsch van 
Beijnum wrote:
>  My point is that becoming a man in the middle is
> not an easy thing to do in general.
	My point is that it so easy to do that it is a common attack throughout
today's Internet.  Common enough that there have been multiple CERT 
advisories
warning about it.  Common enough that BGP added an MD5 authentication 
option
to prevent man-in-the-middle attacks on BGP.  And common enough that we
need to really worry about with the current Internet.

> It annoys me that "security people" are quick to scream everything is
> insecure while in reality many of the attacks they claim are possible
> are very hard to carry out.
	Um.  I regularly deny being a "security person".

	That aside, pretending these attacks are hard to implement or not 
common
on the deployed Internet is harmful because they are EASY to implement 
and
have been COMMONPLACE in the real world for several years now.

	I don't discuss implementation details of any attack ever, but I will
note that all the information needed to code up a man-in-the-middle 
attack
is available online and/or in published papers.

Ran