[LINK] All your internets are belong to us

Ben McGinnes ben at adversary.org
Thu Nov 25 04:53:49 AEDT 2010


On 24/11/10 7:20 AM, Martin Barry wrote:
> 
> My understanding is that they effectively turned themselves into a
> transit provider and were actually passing the traffic on towards
> the correct destination.

That does appear to be what happened.

> So you were still (absent of any MITM attack) connecting to the
> correct server, it's just that your packets were going via China
> first.

I don't think that the concern is that there may have been a MitM
attack on one or more data transmissions during the hijack window; I
think the concern is that a copy of that data may have been retained
for analysis and that data may include data from networks which would
prefer it never reach China (e.g. Defense traffic).

> Also note, that it's most likely that routing to only one of the
> client or server was affected (if at all) and hence only one side of
> the communication would be sent the wrong way.

That is probable for a lot of the traffic, but certainly no guarantee
of all of it.  We'd need to have a look at which routes were diverted
and which networks accepted the new routing information.


Regards,
Ben
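
Added example (not part of the original message or thread): one way to carry out the check described above, comparing AS paths seen before and during an incident to list which routes changed origin and which networks accepted them, then showing that a flow can be diverted in one direction only. All prefixes, AS numbers and observations are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefixes and RFC 5398
# documentation AS numbers. Each row: (vantage AS, prefix, AS path seen there).
BASELINE = [
    (64501, "192.0.2.0/24", [64501, 64510, 64496]),
    (64502, "192.0.2.0/24", [64502, 64510, 64496]),
    (64501, "198.51.100.0/24", [64501, 64511, 64497]),
    (64502, "198.51.100.0/24", [64502, 64511, 64497]),
]
INCIDENT = [
    (64501, "192.0.2.0/24", [64501, 64499]),         # new origin accepted here
    (64502, "192.0.2.0/24", [64502, 64510, 64496]),  # unchanged at this vantage
    (64501, "198.51.100.0/24", [64501, 64511, 64497]),
    (64502, "198.51.100.0/24", [64502, 64511, 64497]),
]

def diverted_routes(baseline, incident):
    """Return {prefix: {new origin AS: [vantage ASes that accepted it]}}."""
    known = {}
    for _vantage, prefix, path in baseline:
        known.setdefault(prefix, set()).add(path[-1])  # origin = last AS in path
    result = {}
    for vantage, prefix, path in incident:
        origin = path[-1]
        # A prefix absent from the baseline (e.g. a more-specific) is flagged too.
        if origin not in known.get(prefix, set()):
            result.setdefault(prefix, {}).setdefault(origin, []).append(vantage)
    return result

def _diverted_for(diverted, dest_ip, sender_view):
    """True if the network routing the sender accepted a diverted route to dest_ip."""
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in ipaddress.ip_network(prefix) and
               any(sender_view in accepted for accepted in by_origin.values())
               for prefix, by_origin in diverted.items())

def flow_exposure(diverted, client_ip, client_view, server_ip, server_view):
    """Say which directions of a client/server flow followed a diverted route."""
    to_server = _diverted_for(diverted, server_ip, client_view)
    to_client = _diverted_for(diverted, client_ip, server_view)
    return {(True, True): "both directions",
            (True, False): "client-to-server only",
            (False, True): "server-to-client only",
            (False, False): "neither"}[(to_server, to_client)]

if __name__ == "__main__":
    found = diverted_routes(BASELINE, INCIDENT)
    print(found)
    print(flow_exposure(found, "198.51.100.10", 64501, "192.0.2.80", 64502))
```

Here client_view and server_view stand for the AS whose routing table carries each side's outbound packets, which is an assumption of this sketch.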
