home.social

#bgphijacking — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #bgphijacking, aggregated by home.social.

  1. Pour finir, l’info a fait son chemin
    jusqu’à la mailing-list des administrateurs de relais #tor.

    Donc c’est bien une des campagnes ...académiques de sensibilisation de masse.

    Mais comme souvent, au final ça suscite plus de questions que de réponses,
    vu qu’on parle d’une attaque au niveau AS / BGP.

    Thread côté Tor
    👇
    lists.torproject.org/mailman3/

    Et bien évidemment, ça déclenche des réactions très humaines 😅

    Extrait qui résume assez bien l’ambiance :

    “ Is the stated vulnerability an actively exploited problem or is this a DoS attack by scaremongering?

    My guess is it is neither. I would be that it's just some over-excited
    researchers who want to get the news out about just how awful BGP is.
    But, while it is "exploitable", there's not much that can be done with
    it. All an attacker could do is cause the connections destined for your
    relay to go to their servers instead. But crucially, they do not have
    your relay key, so all other relays and clients would refuse to connect
    to them..”

    Bref,
    je vais quand même ouvrir un ticket chez Scaleway,
    histoire de voir ce qu’ils en pensent de leur côté.

    #BGP #NetOps #bgphijacking

  2. Pour finir, l’info a fait son chemin
    jusqu’à la mailing-list des administrateurs de relais #tor.

    Donc c’est bien une des campagnes ...académiques de sensibilisation de masse.

    Mais comme souvent, au final ça suscite plus de questions que de réponses,
    vu qu’on parle d’une attaque au niveau AS / BGP.

    Thread côté Tor
    👇
    lists.torproject.org/mailman3/

    Et bien évidemment, ça déclenche des réactions très humaines 😅

    Extrait qui résume assez bien l’ambiance :

    “ Is the stated vulnerability an actively exploited problem or is this a DoS attack by scaremongering?

    My guess is it is neither. I would be that it's just some over-excited
    researchers who want to get the news out about just how awful BGP is.
    But, while it is "exploitable", there's not much that can be done with
    it. All an attacker could do is cause the connections destined for your
    relay to go to their servers instead. But crucially, they do not have
    your relay key, so all other relays and clients would refuse to connect
    to them..”

    Bref,
    je vais quand même ouvrir un ticket chez Scaleway,
    histoire de voir ce qu’ils en pensent de leur côté.

    #BGP #NetOps #bgphijacking

  3. Pour finir, l’info a fait son chemin
    jusqu’à la mailing-list des administrateurs de relais #tor.

    Donc c’est bien une des campagnes ...académiques de sensibilisation de masse.

    Mais comme souvent, au final ça suscite plus de questions que de réponses,
    vu qu’on parle d’une attaque au niveau AS / BGP.

    Thread côté Tor
    👇
    lists.torproject.org/mailman3/

    Et bien évidemment, ça déclenche des réactions très humaines 😅

    Extrait qui résume assez bien l’ambiance :

    “ Is the stated vulnerability an actively exploited problem or is this a DoS attack by scaremongering?

    My guess is it is neither. I would be that it's just some over-excited
    researchers who want to get the news out about just how awful BGP is.
    But, while it is "exploitable", there's not much that can be done with
    it. All an attacker could do is cause the connections destined for your
    relay to go to their servers instead. But crucially, they do not have
    your relay key, so all other relays and clients would refuse to connect
    to them..”

    Bref,
    je vais quand même ouvrir un ticket chez Scaleway,
    histoire de voir ce qu’ils en pensent de leur côté.

    #BGP #NetOps #bgphijacking

  4. Pour finir, l’info a fait son chemin
    jusqu’à la mailing-list des administrateurs de relais #tor.

    Donc c’est bien une des campagnes ...académiques de sensibilisation de masse.

    Mais comme souvent, au final ça suscite plus de questions que de réponses,
    vu qu’on parle d’une attaque au niveau AS / BGP.

    Thread côté Tor
    👇
    lists.torproject.org/mailman3/

    Et bien évidemment, ça déclenche des réactions très humaines 😅

    Extrait qui résume assez bien l’ambiance :

    “ Is the stated vulnerability an actively exploited problem or is this a DoS attack by scaremongering?

    My guess is it is neither. I would be that it's just some over-excited
    researchers who want to get the news out about just how awful BGP is.
    But, while it is "exploitable", there's not much that can be done with
    it. All an attacker could do is cause the connections destined for your
    relay to go to their servers instead. But crucially, they do not have
    your relay key, so all other relays and clients would refuse to connect
    to them..”

    Bref,
    je vais quand même ouvrir un ticket chez Scaleway,
    histoire de voir ce qu’ils en pensent de leur côté.

    #BGP #NetOps #bgphijacking

  5. Is there any evidence of a #BGP "worldwide" failure from around 10:03 UTC to 13:03 UTC today 2020-08-30? This has happened in some parts of the Polish #PIONIER academic internet backbone.

    Sounds like #BGPhijacking en.wikipedia.org/wiki/BGP_hija

  6. Is there any evidence of a #BGP "worldwide" failure from around 10:03 UTC to 13:03 UTC today 2020-08-30? This has happened in some parts of the Polish #PIONIER academic internet backbone.

    Sounds like #BGPhijacking en.wikipedia.org/wiki/BGP_hija

  7. Citing BGP hijacks and hack attacks, feds want China Telecom out of the US - Enlarge (credit: bfishadow)
    Citing the misrouting of US Internet traffic, malicious hacking and c... more: arstechnica.com/?p=1667334 #bordergatewayprotocol #bgphijacking #chinatelecom #hacking #biz&it #policy

  8. Breaking the law: How 8chan (or “8kun”) got (briefly) back online - Enlarge / Snek goes dark. (credit: Getty Images)
    The successor to 8chan, 8kun, made a somewhat br... more: arstechnica.com/?p=1597257 #bulletproofhosting #bgphijacking #cloudflare #vanwanet #biz&it #8chan #bogon #8kun #bgp

  9. Do ask your ISP and hosting provider about #bgp security - kudos to Hetzner who just replied: "We're using RPKI, filtering and Anti-Spoofing mechanisms". If yours doesn't send them this manrs.org/isps/guide/ #bgphijacking

  10. Responding to yet another "BGP hijacked by country X" incidents I can only repeatedly remind: the problem has been long fixed - see internetsociety.org/tutorials/ #internet #routing #bgphijacking