RE: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

2013-09-10 Thread Marsh Ray
> From: Bill Woodcock [mailto:wo...@pch.net]
> Subject: Re: Internet Surveillance and Boomerang Routing: A Call for
> Canadian Network Sovereignty
> 
> On Sep 10, 2013, at 9:29 AM, Jean-Francois Mezei
>  wrote:
> > Will the market start to demand routes that avoid the USA if the
> > destination is not the USA ?
> 
> Unlikely, all else being equal.  The market demands the least expensive
> routes.  Which is why we push for new IXPs on the Canadian side of the
> border, so that the _cheapest_ route will also be the _shortest_ route, and
> will remain within Canadian jurisdiction and the purview of Canadian personal
> privacy law, for instance.

Maybe it's time to dust off some of those "reserved for future use" IP security 
options.

It's almost as if someone saw this problem coming a long time ago.

- Marsh

https://tools.ietf.org/html/rfc791#page-17

  Security

This option provides a way for hosts to send security,
compartmentation, handling restrictions, and TCC (closed user
group) parameters.  The format for this option is as follows:

  +--------+--------+---//---+---//---+---//---+---//---+
  |10000010|00001011|SSS  SSS|CCC  CCC|HHH  HHH|  TCC   |
  +--------+--------+---//---+---//---+---//---+---//---+
   Type=130 Length=11

Security (S field):  16 bits

  Specifies one of 16 levels of security (eight of which are
  reserved for future use).

  00000000 00000000 - Unclassified
  11110001 00110101 - Confidential
  01111000 10011010 - EFTO
  10111100 01001101 - MMMM
  01011110 00100110 - PROG
  10101111 00010011 - Restricted
  11010111 10001000 - Secret
  01101011 11000101 - Top Secret
  00110101 11100010 - (Reserved for future use)
  10011010 11110001 - (Reserved for future use)
  01001101 01111000 - (Reserved for future use)
  00100100 10111101 - (Reserved for future use)
  00010011 01011110 - (Reserved for future use)
  10001001 10101111 - (Reserved for future use)
  11000100 11010110 - (Reserved for future use)
  11100010 01101011 - (Reserved for future use)
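A small parser for the option the quoted RFC text describes, as an added example written for this page (it is neither Marsh's code nor part of RFC 791): it walks an IPv4 header's option area, enforces the fixed length of 11, decodes the S/C/H/TCC fields, and labels the eight reserved S values the post refers to. The sample header is constructed inline.

```python
import struct

# IPv4 Security option, RFC 791 p.17: type 130, fixed length 11, followed by
# the S (16 bits), C (16 bits), H (16 bits) and TCC (24 bits) fields.
IPOPT_EOL, IPOPT_NOP, IPOPT_SECURITY, IPOPT_SECURITY_LEN = 0, 1, 130, 11

# S-field code points from RFC 791; the eight reserved values are listed so
# they can be told apart from values the RFC never assigned at all.
SECURITY_LEVELS = {
    0x0000: "Unclassified", 0xF135: "Confidential", 0x789A: "EFTO",
    0xBC4D: "MMMM", 0x5E26: "PROG", 0xAF13: "Restricted",
    0xD788: "Secret", 0x6BC5: "Top Secret",
}
for _reserved in (0x35E2, 0x9AF1, 0x4D78, 0x24BD, 0x135E, 0x89AF, 0xC4D6, 0xE26B):
    SECURITY_LEVELS[_reserved] = "(Reserved for future use)"

def security_label(s_field):
    """Name a 16-bit S value; a code RFC 791 never assigned comes back UNKNOWN."""
    return SECURITY_LEVELS.get(s_field, "UNKNOWN")

def parse_security_option(ipv4_header):
    """Decode the Security option from an IPv4 header's option area.
    Returns the S/C/H/TCC fields, None if absent; malformed options raise."""
    ihl = (ipv4_header[0] & 0x0F) * 4
    if ihl < 20 or len(ipv4_header) < ihl:
        raise ValueError("bad IHL")
    opts, i = ipv4_header[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == IPOPT_EOL:          # end of option list; the rest is padding
            break
        if kind == IPOPT_NOP:          # single-octet no-op, has no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("option at offset %d overruns the header" % i)
        length = opts[i + 1]
        if kind == IPOPT_SECURITY:
            if length != IPOPT_SECURITY_LEN:
                raise ValueError("security option must be 11 octets, got %d" % length)
            s, c, h = struct.unpack("!HHH", opts[i + 2:i + 8])
            tcc = int.from_bytes(opts[i + 8:i + 11], "big")
            return {"S": s, "level": security_label(s), "C": c, "H": h, "TCC": tcc}
        i += length
    return None

def sample_header():
    """Constructed IPv4 header (IHL=8): Secret option, TCC=1, one EOL pad octet."""
    opt = bytes([130, 11]) + struct.pack("!HHH", 0xD788, 0, 0) + b"\x00\x00\x01\x00"
    return struct.pack("!BBHHHBBH4s4s", 0x48, 0, 32, 0, 0, 64, 6, 0, bytes(4), bytes(4)) + opt
```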




RE: questions regarding prefix hijacking

2013-08-07 Thread Marsh Ray
> From: Christopher Morrow
> Sent: Wednesday, August 7, 2013 2:06 PM
> 
> On Wed, Aug 7, 2013 at 4:59 PM, Marsh Ray  wrote:
> >
> > It would be incredibly useful for someone to start a page or a category on
> > Wikipedia "List of Internet Routing and DNS Incidents" that would include
> > both "accidental" and malicious events.
> 
> do we really need that?

Have you ever heard of someone using IP addresses as an access control 
mechanism? (AKA, "IP whitelist")

When I hear about this, I would really *love* to be able to link them to a 
credible source.

> they seem to occur often enough that that isn't really required :(

*I* believe you, but in practice that's not sufficient to convince many other 
folks.
Currently, a section of a page on Wikipedia lists 7 incidents going back to 
1997.
http://en.wikipedia.org/wiki/IP_hijacking#Public_incidents

Serious question: Do folks here feel that is an accurate representation of this 
phenomenon in practice?

- Marsh




RE: questions regarding prefix hijacking

2013-08-07 Thread Marsh Ray
> From: Paul Ferguson
> Sent: Wednesday, August 7, 2013 3:07 AM
> Subject: Re: questions regarding prefix hijacking
> 
> Historically, most prefix hijacks have been accidental, generally due to
> configuration error -- for instance... 
> 
> Having said that, there are quite a few documented cases of it being done
> intentionally, and for nefarious purposes.

It would be incredibly useful for someone to start a page or a category on 
Wikipedia "List of Internet Routing and DNS Incidents" that would include both 
"accidental" and malicious events.

- Marsh




Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread Marsh Ray
Chris Boyd cboyd at gizmopartners.com  Wed Jul 31 15:50:09 UTC 2013
>
> I would guess that it's because many VPN services still support PPTP which 
> can be attacked as outlined here:
> http://www.schneier.com/paper-pptpv2.html
>
> --Chris

That link doesn't even mention the worst vulnerability in PPTP/MS-CHAPv2. 
Strangely, it's only in the PDF version 
http://www.schneier.com/paper-pptpv2.pdf at the bottom of page 6:

> Note also that the MS-CHAP response generation algorithm is also a weak
> link, even when passwords contain adequate entropy. It is clear that the NT
> hash can be recovered with just two DES exhaustive keysearches (about 2^56
> trial DES decryptions on average)

In other words, PPTP/MS-CHAPv2 is equivalent to encrypting your password with 
*single DES* and sending it over the untrusted network. It doesn't matter how 
strong your plaintext password is. Not only can the passive eavesdropper 
decrypt your VPN-tunneled data, he can obtain the NT hash which is a 
password-equivalent credential allowing him to impersonate the user to log into 
any other network services. 

Moxie Marlinspike and David Hulton described the exploit for it at Defcon 20 
last summer:

Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2
http://www.youtube.com/watch?v=vWXP3DvH8OQ

Moxie's Cloudcracker online service will decrypt your PPTP packet captures 
using an FPGA cluster from Pico Computing. Last I heard, the price was a flat 
fee of $200, although it sometimes goes on sale.
http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html 
http://h-online.com/-1716768

So it's not just the NSA, it's any passive observer with a budget of $200 for a 
one-off or ~$10K for their own hardware capability.

PPTP is old and busted, don't let your friends use it! If you've ever used it, 
change your password. IMHO, if there's any other protocol more deserving of the 
"internet kill switch" I don't know what it is.

- Marsh

(sorry for not threading properly, I just subscribed to reply)