Re: PI/metro/geo [Re: The state of IPv6 multihoming development]

[Iljitsch van Beijnum <iljitsch@muada.com>]

On Tue, 5 Nov 2002, RJ Atkinson wrote:

> >  My point is that becoming a man in the middle is
> > not an easy thing to do in general.

> 	My point is that it so easy to do that it is a common attack throughout
> today's Internet.

Can you point me to something that might convince me of this?

> Common enough that BGP added an MD5 authentication option
> to prevent man-in-the-middle attacks on BGP.

I've never heard of this actually happening. Also, the MD5 option
provides protection against spoofed RSTs.

> And common enough that we
> need to really worry about with the current Internet.

If man in the middle really is common we need to go down to layer 0 and
implement some protection there. Crypto helps sell CPUs but a man in the
middle can still disrupt your traffic so crypto isn't enough.

> 	That aside, pretending these attacks are hard to implement or not
> common on the deployed Internet is harmful because they are EASY to implement
> and have been COMMONPLACE in the real world for several years now.

Obviously we use different defenitions of these terms.

> 	I don't discuss implementation details of any attack ever, but I will
> note that all the information needed to code up a man-in-the-middle
> attack is available online and/or in published papers.

Performing the attack once you're in position is trivial. Tampering with
the infrastructure so you can receive and send packets while at the same
time the real destination/source is unable to, and doing this without
being detected, is hard, except in some places at the edge of the
network.