February 15, 2011, 3:58 PM — Researchers who describe their technique in language that could put a wonk to sleep, and yet link to bios that show one of the ringleaders riding a giant fiberglass jackalope, debuted a cyberweapon that has the potential to destroy the Internet by using its most important routers against it.
In "Losing control of the internet: using the data plane to attack the control plane," researchers from the University of Minnesota describe a way to exploit the Border Gateway Protocol (BGP) that the Internet's core routers use to communicate with each other.
The routers use BGP to identify one another and the best routes along which to send data to one another. When one goes down, others send out BGP notifications so that other routers can re-route traffic around the outage.
The paper describes a "cyberweapon" called "Coordinated Cross Plane Session Termination" (CXPST), a technique that allows attackers to map the connection paths and choose those with the greatest potential for disruption.
Then they use a previously discovered technique called ZMW to break the connection.
That causes each router to send out notifications that the other is offline – notifications that ripple out to every router on the Internet, which reroute traffic to avoid the two "downed" routers.
After a break, the two original routers reconnect, send out updates saying they're fine, and traffic flows back to them.
When it does, they break the connection again, sending out another Internet-wide wave of notices.
This continues until every router on the Internet has such a long queue of bogus outage notifications that it can't catch up, and eventually goes offline.
The paper predicts it should take about 20 minutes, using a botnet of about 250,000 machines.
A botnet that size could be a threat to a single good-sized Web site; using this technique it could, theoretically, take down the whole Internet.
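From a network operator's side, the break-and-reconnect cycle described above shows up as the same BGP session repeatedly leaving the Established state. The following Python is an added example, not code from the paper or its authors; the log line format, the peer addresses, and the window and threshold values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: "<unix-seconds> <peer-address> <new BGP FSM state>".
# The line format and the addresses (RFC 5737 documentation ranges) are
# assumptions made for this example, not any router's real log format.
SAMPLE_EVENTS = """\
1000 192.0.2.1 Established
1000 198.51.100.7 Established
1060 192.0.2.1 Idle
1090 192.0.2.1 Established
1150 192.0.2.1 Idle
1185 192.0.2.1 Established
1240 192.0.2.1 Idle
1270 192.0.2.1 Established
2400 198.51.100.7 Idle
2460 198.51.100.7 Established
"""

def parse_events(text):
    """Yield (timestamp, peer, state) tuples, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            ts, peer, state = line.split()
            yield int(ts), peer, state

def find_flapping_peers(events, window=600, threshold=3):
    """Return {peer: max drops seen in any `window`-second span} for peers
    whose session left Established at least `threshold` times in a window."""
    last_state = {}
    drops = defaultdict(deque)   # peer -> timestamps of recent session drops
    flagged = {}
    for ts, peer, state in sorted(events, key=lambda e: e[0]):
        was_up = last_state.get(peer) == "Established"
        last_state[peer] = state
        if not (was_up and state != "Established"):
            continue  # only Established -> anything-else counts as a drop
        recent = drops[peer]
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget drops older than the window
        if len(recent) >= threshold:
            flagged[peer] = max(flagged.get(peer, 0), len(recent))
    return flagged

if __name__ == "__main__":
    for peer, count in find_flapping_peers(parse_events(SAMPLE_EVENTS)).items():
        print(f"{peer}: {count} session drops within the window")
```

A single drop, like the one on the second peer in the sample, is an ordinary outage; it is the repeated cycle on one session inside a short window that matches the pattern the article describes.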
The guy riding the jackalope, by the way, also put in a link to this page, which shows the hype cycle of an inaccurate or misunderstood science story that hits the media and causes panic.
If the jackalope didn't do it, that at least shows he has a sense of humor, but that doesn't mean the threat isn't serious.