Explore a critical security analysis of looking-glass web applications deployed by Autonomous Systems for remote debugging of connectivity issues. Delve into the findings of a study that uncovered several flaws and misconfigurations in existing deployments and open-source code, which can be exploited to escalate from web attacks to remote command execution on backbone routers. Examine how attackers with limited resources can potentially gain access to core Internet infrastructure, potentially resulting in traffic disruption and global BGP route injection. Gain insights into the severe implications these vulnerabilities pose for Internet security and the importance of addressing these issues in operators' networks.
Overview
Syllabus
WOOT '14 - Through the Looking-Glass, and What Eve Found There
Taught by
USENIX