Cenzic 232 Patent
Paid Advertising
web application security lab

Looking glasses - hacking layers 2-3 via web applications

Only the very largest companies in the world use a concept of a looking glass. A looking glass is a script that is designed to be a helpful tool to network administrators. Let’s say I’m super-massive-ISP A that wants to talk to super-massive-ISP B and we are peers. If the connection goes down, it’s often unclear as to whom is at fault for the network outage.

So each super-massive-ISP sets up a script called a “looking glass” that is designed to run commands on border routers. The commands are simple things that attempt to diagnose network connectivity issues. The problem is that these script are open source, and often poorly written. It’s not inconceivable that these looking glass scripts have a vulnerability that allows you to run arbitrary commands on the router.

In this way you can hack the 2-3 OSI layers via the web application which sits at 5-7. Performing network level commands via web applications really opens a whole other realm to things like XSS attacks or SQL injection or code injection, where they can affect the operations of entire networks via a few small pieces of JavaScript put on a web board on a completely unrelated website. Pretty scary stuff.

3 Responses to “Looking glasses - hacking layers 2-3 via web applications”

  1. dre Says:

    nah… usually these isp’s take precautions. they use bgp communities and filters to prevent accidental route injection or any l2-3 attacks.

    best anyone could do in 99.9% of cases would be to take out the route-server or get access to the web server providing the looking glass. not the stuff you’re talking about.

  2. Yi-Feng Tzeng’s Blog » Blog Archive » Hacking 2-3 OSI layers via 5-7 Says:

    […] And, ha.ckers.org also found a interesting “looking glasses” about this issue. […]

  3. RSnake Says:

    dre, usually is correct, but I’ve seen a few situations where these companies aquire smaller ISPs who aren’t as technically sound, who then open up the larger ISP to these types of attacks. 99% might be right, but if 1% of internet traffic is vulnerable, that’s still pretty scary. My bet is it’s higher, based on my own experience.