It simply exploits the natural way BGP works. The problem arises from the level of interconnectivity that's needed to maintain this mess, to keep it all working. The issue exists because BGP's architecture is based on trust. To make it easy, say, for e-mail from Sprint customers in California to reach Telefonica customers in Spain, networks for these companies and others communicate through BGP routers to indicate when they're the quickest, most efficient route for the data to reach its destination.
But BGP assumes that when a router says it's the best path, it's telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic. Here's how it works. When a user types a website name into his browser or clicks "send" to launch an e-mail, a Domain Name System server produces an IP address for the destination.
That table is built from announcements, or "advertisements," issued by ISPs and other networks -- also known as Autonomous Systems, or ASes -- declaring the range of IP addresses, or IP prefixes, to which they'll deliver traffic.
The routing table searches for the destination IP address among those prefixes. If two ASes deliver to the address, the one with the more specific prefix "wins" the traffic. For example, one AS may advertise that it delivers to a group of 90, IP addresses, while another delivers to a subset of 24, of those addresses. If the destination IP address falls within both announcements, BGP will send data to the narrower, more specific one.
To intercept data, an eavesdropper would advertise a range of IP addresses he wished to target that was narrower than the chunk advertised by other networks. The advertisement would take just minutes to propagate worldwide, before data headed to those addresses would begin arriving to his network. But in the past, known IP hijacks have created outages, which, because they were so obvious, were quickly noticed and fixed.
That's what occurred earlier this year when Pakistan Telecom inadvertently hijacked YouTube traffic from around the world. The traffic hit a dead-end in Pakistan , so it was apparent to everyone trying to visit YouTube that something was amiss. Pilosov's innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs. Ordinarily, this shouldn't work -- the data would boomerang back to the eavesdropper.
The application will block a dangerous object and display a message about an infection. Web Anti-Virus will allow the object to be opened or downloaded, and then will check it for viruses. When the application detects a potential threat, it will perform the action that you have set.
Click Advanced Settings. Automatically activate Kaspersky Protection extension in browsers. To enable this setting, select the checkbox. The application will only scan links on those websites. Click Configure trusted URLs and add websites that you trust. The application will not scan them.
Select URL databases that must be used to perform an additional scan. Links and websites will be scanned according to the settings that you have configured. Feedback on Technical Support Site Please let us know what you think about the site design, improvements we could add and any errors we need to eliminate. Send My Website Feedback. Thank you! Thank you for submitting your feedback. We will review your feedback shortly.
How can we improve this article? Submit Submit. Thank you for your feedback! Manage My Services. Find Available Services. Was this page helpful? CenturyLink Services Support.
Home Phone. All Rights Reserved. Third party marks are the property of their respective owners. Residential Small Business Chat. Accessories Check for Deals at My Home. Support Support Center Contact Us. Support Sign In. Residential x. Cancel Continue.
0コメント