Stealing the Internet: Missing the Point

Posted by stretch in Opinion on Saturday, 30 Aug 2008 at 7:19 a.m. GMT
Cover slide from the presentation

By now you've probably heard of the Defcon presentation given recently by Anton Kapela and Alex Pilosov titled "Stealing The Internet - A Routed, Wide-area, Man in the Middle Attack." Their presentation illustrates the exploitation of a design vulnerability in BGP that has existed since the protocol's inception: if not properly filtered by his service provider, a customer can inject whatever routes he wishes into the global Internet routing table. Slides of the presentation are available on the Defcon website (PDF link).

This simple vulnerability is nothing new. Anyone familiar with the workings of BGP recognizes the inherent flaw in the implicitly trusted peerings that BGP relies on. People have been (accidentally and otherwise) injecting inappropriate routes now and then for as long as the Internet has been around. However, Kapela and Pilosov expand this concept of route hijacking into a full-blown man-in-the-middle attack with global reach. They demonstrate the ability to reroute traffic from one autonomous system to another as they please through a combination of route hijacking and AS path prepending, which forces a return route to the intended destination so that traffic is intercepted without disrupting service. They also show how TTL modification can be used to obscure the results of a traceroute from the victim AS, further cloaking the attack. Wired has a good article covering the presentation, as well as some proposed solutions (aside from simply forcing ISPs into responsible action).
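The root cause the post keeps coming back to is the provider that does not filter what its customer announces. The following is an added illustration (not code from the post or from the presentation) of the ingress policy a provider would apply to a stub customer's BGP session: the announced prefix must fall within the customer's authorized allocation and not be more specific than agreed, and the AS path may contain only the customer's own AS (prepending is fine, foreign ASes are not). Prefixes and AS numbers are constructed from documentation ranges and are not real assignments.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed example policy for one customer session (documentation
# ranges from RFC 5737 / RFC 5398, not real assignments).
CUSTOMER_ASN = 64496
AUTHORIZED = {
    # allocation -> longest prefix length the customer may announce from it
    ipaddress.ip_network("192.0.2.0/24"): 24,
    ipaddress.ip_network("198.51.100.0/23"): 24,
}


@dataclass
class Update:
    prefix: str
    as_path: list[int]  # leftmost = our neighbor, rightmost = origin AS


def check_update(upd: Update) -> tuple[bool, str]:
    """Return (accept, reason) for one announcement heard on the customer session."""
    net = ipaddress.ip_network(upd.prefix, strict=False)

    # A stub customer has no downstream ASes, so every AS in the path must be
    # its own. Prepending ([64496, 64496, 64496]) passes; a path that names
    # other networks does not.
    if set(upd.as_path) != {CUSTOMER_ASN}:
        return False, f"AS path {upd.as_path} contains an AS other than {CUSTOMER_ASN}"

    # The prefix must sit inside an authorized allocation ...
    for allowed, max_len in AUTHORIZED.items():
        if net.version == allowed.version and net.subnet_of(allowed):
            # ... and must not be a more-specific beyond what was agreed,
            # which is how a hijack wins the longest-match comparison.
            if net.prefixlen > max_len:
                return False, f"{net} is longer than /{max_len} permitted under {allowed}"
            return True, f"{net} accepted under {allowed}"

    # Anything outside the customer's space is someone else's prefix.
    return False, f"{net} is not within the customer's authorized prefixes"


if __name__ == "__main__":
    for u in [Update("192.0.2.0/24", [64496]),
              Update("198.51.100.0/24", [64496, 64496, 64496]),
              Update("203.0.113.0/24", [64496]),
              Update("192.0.2.0/25", [64496]),
              Update("192.0.2.0/24", [64496, 64500, 64496])]:
        ok, why = check_update(u)
        print("ACCEPT" if ok else "REJECT", why)
```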

After reading some of the general press covering their presentation and watching the back-and-forth on mailing lists, I find myself frustrated and disappointed by the response these guys have received. Here they've obviously put a tremendous amount of work into an informative, well-executed presentation, only to have it over-hyped by the ignorant outer circle and berated by the "informed" inner circle. The mainstream IT press, with a few exceptions, has concentrated on the long-known issue of route hijacking rather than the bulk of the presentation. Naturally, this provided plenty of fodder for the "I've known this forever!" trolls on industry forums, who of course are far too busy to bother reviewing the presentation itself. Many people have expressed their appreciation for the talk, but I feel the pair of speakers has had to endure a grossly disproportionate amount of misinformed criticism, even for a Defcon presentation.

The irony of people gloating about having known of the vulnerability for years is that most have done little or nothing to improve the situation, for years. I know my opinion doesn't count for much, but I see this presentation as both interesting and serving the public interest. Obviously, the Internet routing structure needs to be improved, but no real progress can be made until people start talking about it in the terms presented here. Well done, gentlemen!

Lara Losi commented on 30 Aug 2008 at 7:41 a.m.

Such a great article thanks

zlobb commented on 30 Aug 2008 at 11:30 p.m.

I think the correct link to the pdf slide is here

stretch commented on 31 Aug 2008 at 7:20 a.m.

Fixed the link in the article, thanks for the heads up!

as52340 commented on 31 Aug 2008 at 2:23 p.m.

I don't think many people would attempt this attack because if they did get caught they would risk losing their peer / business relationship with their BGP neighbor. Even if you claimed it was an accident, it still looks pretty bad.

Ryan commented on 1 Sep 2008 at 12:20 p.m.

If they get caught... if you're not cutting off communication it is difficult to detect

Eric commented on 10 Sep 2008 at 4:52 p.m.

The movie/tv scenarios here are endless... Great article.

Jean-François Audenard commented on 23 Sep 2008 at 11:22 a.m.

Hello. I wrote 2 posts explaining how the attack works. They may contain some errors as I'm not a network expert. Perhaps they'll be useful anyway. As they're written in French, use a translation tool such as Google to have them in English. Cheers, JF.
