Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Workshop Organizers
  • At a Glance
  • Workshop Program
  • Co-Located Workshops
  • Activities
    • Birds-of-a-Feather Sessions
  • Sponsorship
  • Students and Grants
  • Questions?
  • Help Promote!
  • For Participants
  • Call for Papers
  • Past Workshops

sponsors

Bronze Sponsor

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Through the Looking-Glass, and What Eve Found There
Tweet

connect with us

http://twitter.com/usenixsecurity
http://www.usenix.org/facebook
http://www.usenix.org/linkedin
http://www.usenix.org/gplus
http://www.usenix.org/youtube

Through the Looking-Glass, and What Eve Found There

Monday, August 4, 2014 - 11:30am
Authors: 

Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurélien Francillon, EURECOM

Abstract: 

Looking-glasses are web applications commonly deployed by Autonomous Systems to offer restricted web access to their routing infrastructure, in order to ease remote debugging of connectivity issues. In our study, we looked at existing deployments and open-source code to assess the security of this critical software. As a result, we found several flaws and misconfigurations that can be exploited to escalate from a web attack to a remote command execution on backbone routers.

This paper summarises the results of our study, and shows how even an attacker with very limited resources can exploit such flaws in operators’ networks and gain access to core Internet infrastructure. Depending on systems configuration, these attacks may result in traffic disruption and global BGP routes injection, with severe implications for the security of the Internet.

Luca Bruno, EURECOM

Mariano Graziano, EURECOM

Davide Balzarotti, EURECOM

Aurélien Francillon, EURECOM

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {185134,
author = {Luca Bruno and Mariano Graziano and Davide Balzarotti and Aur{\'e}lien Francillon},
title = {Through the {Looking-Glass}, and What Eve Found There},
booktitle = {8th USENIX Workshop on Offensive Technologies (WOOT 14)},
year = {2014},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/woot14/workshop-program/presentation/bruno},
publisher = {USENIX Association},
month = aug,
}
Download
Bruno PDF
View the slides

Presentation Video 

Presentation Audio

MP3 Download

Download Audio

  • Log in or    Register to post comments

Bronze Sponsors

© USENIX

  • Privacy Policy
  • Contact Us