Are large scale Man in The Middle attacks underway?
Renesys is reporting two separate incidents where they observed traffic for 1500 IP blocks being diverted for extended periods of time. They observed the traffic redirection for more than 2 months over the last year. Does it seem unusual for internet traffic between Ashburn Virginia (63.218.44.78) and Washington DC (63.234.113.110) to go through Russia to Belarus? That is exactly what they observed. Once traffic flows through your routers there are countless opportunities to capture and modify the traffic with classic MiTM attacks. In my humble opinion we should put very little stock in the safety of SSL traffic as it flows through them. Attacks such as the SSL Crime attack, Oracle Padding attacks, Beast and others have shown SSL to be untrustworthy in circumstances such as this.
Advertising false BGP routes to affect the flow of traffic isn't new. You may remember when Pakistan "accidently" took down Youtube for a small portion of the internet when they attempted to blackhole the website within their country. (Maybe they knew the "twerking" fad was coming) But this is an excellent article that documents two cases where it has happened for extended periods of time.
http://www.renesys.com/2013/11/mitm-internet-hijacking/
Shameless self promotion:
Build a custom penetration testing backdoor that evades antivirus! Write your own SQL Injection, Password attack tools and more. Want to code your own tools in Python? Check out SEC573 Python for Penetration Testers. I am teaching it in Reston VA March 17th! Click HERE for more information.
Follow me on twitter? @MarkBaggett
Comments
Anonymous
Nov 21st 2013
1 decade ago