Through the looking-glass, and what eve found there

8th USENIX Workshop on Offensive Technologies, WOOT 2014

Volumn , Issue , 2014, Pages

  Bruno, Luca ^a   Graziano, Mariano ^a   Balzarotti, Davide ^a   Francillon, Aurélien ^a  

^a EURECOM   (France)

Author keywords

[No Author keywords available]

Indexed keywords

GLASS; MIRRORS; OPEN SOURCE SOFTWARE; OPEN SYSTEMS;

AUTONOMOUS SYSTEMS; CRITICAL SOFTWARE; MISCONFIGURATIONS; OPEN-SOURCE CODE; REMOTE DEBUGGING; ROUTING INFRASTRUCTURE; SYSTEMS CONFIGURATION; TRAFFIC DISRUPTION;

PROGRAM DEBUGGING;

EID: 85084163093     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (43)

1. S. Murphy. BGP Security Vulnerabilities Analysis. RFC 4272 (Informational), January 2006.
2. Y. Rekhter, T. Li, and S. Hares. A Border Gateway Protocol 4 (BGP-4). RFC 4271 (Draft Standard), January 2006. Updated by RFCs 6286, 6608, 6793.
3. Quagga Routing Suite. http://www.nongnu.org/quagga/.
4. Xorp - eXtensible Open Router Platform. http://www.xorp.org/.
5. University of Oregon Route Views Project. http://www.routeviews.org/.
6. Cougar LG. https://github.com/Cougar/lg.
7. Cistron LG. http://www.tux.org/pub/people/ miquel- van- smoorenburg/net/.
8. MRLG. http://mrlg.op-sec.us/.
9. MRLG4PHP. http://freecode.com/projects/mrlg4php.
10. Telephone LG. https://github.com/telephone/ LookingGlass.
11. Hristo Bojinov, Elie Bursztein, and Dan Boneh. XCS: cross channel scripting and its impact on web applications. In ACM Conference on Computer and Communications Security, pages 420–431, 2009.
12. Johnny Long. Google Hacking for Penetration Testers. Black Hat USA, 2005.
13. Cisco on Cisco Best Practices – IP Addressing Policies. https://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_ Addressing_Best_Practices.pdf, 2010.
14. Ahn, Luis Von and Blum, Manuel and Hopper, Nicholas J. and Langford, John. CAPTCHA: Using Hard AI Problems for Security. In Proceedings of the 22Nd International Conference on Theory and Applications of Cryptographic Techniques, EURO-CRYPT’03, 2003.
15. Cisco IOS Password Encryption Facts. http://www.cisco.com/c/en/us/support/docs/security- vpn/ remote- authentication- dial- user- service- radius/ 107614- 64.html.
16. Cisco PSIRT. Cisco IOS and Cisco IOS XE Type 4 Passwords Issue . http://tools.cisco.com/security/center/content/CiscoSecurityResponse/ cisco- sr- 20130318- type4.
17. Cisco PSIRT. AAA Command Authorization by-pass . http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco- sr- 20060125- aaatcl.
18. Juniper Networks SIRT. Unauthorized user can obtain root access using cli. http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10420&actp=search&viewlocale= en_US&searchid=1400663655904, 2010.
19. mrlg4php: remote command injection to router’s console via”argument” parameter. http://www.s3.eurecom.fr/cve/CVE-2014-3927.txt, 2014.
20. Cougar-LG: Unsafe configuration file path/ACL. http://www.s3.eurecom.fr/cve/CVE-2014-3928.txt, 2014.
21. Cougar-LG: Unsafe SSH keypairs path in default config. http://www.s3.eurecom.fr/cve/CVE-2014-3929.txt, 2014.
22. Cistron-LG: Unsafe configuration file path/ACL. http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt, 2014.
23. Cougar-LG: XSS in title via”addr” parameter. http://www.s3.eurecom.fr/cve/CVE-2014-3926.txt, 2014.
24. MRLG: remote memory corruption in fastping (SUID binary). http://www.s3.eurecom.fr/cve/CVE-2014-3931. txt, 2014.
25. Earl Zmijewski. Indonesia Hijacks the World. http://www.renesys.com/2014/04/indonesia-hijacks-world/.
26. Ballani, Hitesh and Francis, Paul and Zhang, Xinyang. A Study of Prefix Hijacking and Interception in the Internet. In Proceedings of the 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM’07, New York, NY, USA, 2007.
27. FX, FtR and kim0. Attacking networked embedded systems. Black Hat USA, 2002.
28. Felix”FX” Lindner. Cisco Vulnerabilities - Yesterday, Today and Tomorrow. Black Hat USA, 2003.
29. Felix”FX” Lindner. Cisco IOS Router Exploitation. Black Hat USA, 2009.
30. Felix”FX” Lindner. Hacking Huawei Routers. DEFCON XX, 2012.
31. Michael Lynn. Cisco IOS Shellcode. Black Hat USA, 2005.
32. Andy Davis. Remote Cisco IOS FTP exploit, 2007.
33. Ang Cui and Jatin Kataria and Salvatore J. Stolfo. Killing the Myth of Cisco IOS Diversity: Recent Advances in Reliable Shellcode Design. In WOOT, pages 19–27, 2011.
34. Juniper Networks SIRT. Multiple privilege escalation vulnerabilities in Junos CLI (CVE-2014-0615). http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608&actp=search&viewlocale=en_ US&searchid=1400663655904, 2014.
35. Butler, Kevin R. B. and Farley, Toni R. and McDaniel, Patrick and Rexford, Jennifer. A Survey of BGP Security Issues and Solutions. Proceedings of the IEEE, 98:100–122, 2010.
36. Ramachandran, Anirudh and Feamster, Nick. Understanding the Network-level Behavior of Spammers. In Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM’06, 2006.
37. Public-key infrastructure for the Secure Border Gateway Protocol (S-BGP), 2001.
38. RFC 2385 - Protection of BGP Sessions via the TCP MD5 Signature Option. http://www.ietf.org/rfc/rfc2385.txt, 1998.
39. Caesar, M. and Rexford, J. BGP Routing Policies in ISP Networks. Netwrk. Mag. of Global Internetwkg., 2005.
40. Nordström, Ola and Dovrolis, Constantinos. Beware of BGP Attacks. SIGCOMM Comput. Commun. Rev.
41. rgod. Looking Glass v20040427 arbitrary commands execution / cross site scripting. http://retrogod.altervista.org/lookingglass.html, 2005.
42. BGP vulnerability? http://www.gossamer-threads.com/lists/cisco/nsp/11323?do=post_view_threaded# 11323, 2004.
43. TCP BGP vulnerability looking glass and route server issues. http://www.nanog.org/mailinglist/mailarchives/old_archive/2004-04/msg00684.html, 2004.