jm + bgp   5

Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins | Threat Level | WIRED
'The attacker specifically targeted a collection of bitcoin mining “pools”–bitcoin-producing cooperatives in which users contribute their computers’ processing power and are rewarded with a cut of the resulting cryptocurrency the pool produces. The redirection technique tricked the pools’ participants into continuing to devote their processors to bitcoin mining while allowing the hacker to keep the proceeds. At its peak, according to the researchers’ measurements, the hacker’s scam was pocketing a flow of bitcoins and other digital currencies including dogecoin and worldcoin worth close to $9,000 a day. “With this kind of hijacking, you can quite easily grab a large collection of clients,” says Pat Litke, one of the Dell researchers. “It takes less than a minute, and you end up with a lot of mining traffic under your control.”'

'In total, Stewart and Litke were able to measure $83,000 worth of cryptocurrency stolen in the BGP attack [...] but the total haul could be larger'
bitcoin  mining  fraud  internet  bgp  routing  security  attacks  hacking 
august 2014 by jm
Shutterbits replacing hardware load balancers with local BGP daemons and anycast
Interesting approach. Potentially risky, though -- heavy use of anycast on a large-scale datacenter network could increase the scale of the OSPF graph, which scales exponentially. This can have major side effects on OSPF reconvergence time, which creates an interesting class of network outage in the event of OSPF flapping.

Having said that, an active/passive failover LB pair will already announce a single anycast virtual IP anyway, so, assuming there are a similar number of anycast IPs in the end, it may not have any negative side effects.

There's also the inherent limitation noted in the second-to-last paragraph; 'It comes down to what your hardware router can handle for ECMP. I know a Juniper MX240 can handle 16 next-hops, and have heard rumors that a software update will bump this to 64, but again this is something to keep in mind'. Taking a leaf from the LB design, and using BGP to load-balance across a smaller set of haproxy instances, would seem like a good approach to scale up.
scalability  networking  performance  load-balancing  bgp  exabgp  ospf  anycast  routing  datacenters  scaling  vips  juniper  haproxy  shutterstock 
may 2014 by jm
The New Threat: Targeted Internet Traffic Misdirection
MITM attacks via BGP route hijacking now relatively commonplace on the internet, with 60 cases observed so far this year by Renesys
bgp  mitm  internet  security  routing  attacks  hijacking 
november 2013 by jm
Spamhaus victim of BGP route hijacking
Pretty major hi-jinks. Neil Schwartzman says it didn't go on for long, but still, this is crazy antics.

As can seen from the BGP output, we were using a /32 route going over AS 34109. This was highly suspicious for two reasons. First, a /32 route refers only to a single IP address. Except in special cases, routes are normally /24 (256 hosts) or larger. Second, the AS 34109 belongs to CB3ROB which is an Internet provider that has actually been in conflict with Spamhaus (see: spamhaus; allspammedup; theregister). Certainly they weren’t running a legitimate Spamhaus server. It seems clear that the CB3ROB network hijacked one (or more) of the IP addresses of Spamhaus, and installed a DNS server there which incorrectly returns positive results to every query. The result causes harm to Spamhaus users and their customers, making Spamhaus unusable for anyone unable to correct the problem as we did, and perhaps even undermining the credibility of Spamhaus itself.
spamhaus  security  bgp  peering  internet  routing  hacking  dns  dnsbls  cb3rob  as-34109 
march 2013 by jm

Copy this bookmark: