First, a quick overview of the attack. Most Internet devices that most of us deal with are end systems - typically servers, like the ones that live at www.google.com or some such place. There are another set of devices that are typically invisible (in the out-of-sight-out-of-mind sense): routers. These are specialized computers that figure out where each message needs to go so that it gets delivered to the proper location. The broadband router in your house is a very small version of this.
The routers at the Internet core are massive in comparison. They need to be, because they need to know where everything lives on the Internet. The only way that this can work (because nobody knows what the Internet really looks like) is that the routers talk to each other, and explain where things are. This all happens automatically, by a protocol called Border Gateway Protocol (BGP).
The CXPST attack is said to use a combination of techniques to overload the core routers, causing them to crash. Stan asks: is there anything to this?
Maybe. Let me break down the components you'd need.
1. Massive zombie botnet army
The attack needs a really large number of computers to work, because there's a ton of data to collect. Something along the lines of a quarter million computers. So I haven't bothered to say "don't try this at home", because most of us don't have a botnet of 250,000 pwned computers.
But some people do. A sadly large percentage of computers - even those "protected" by antivirus - are infected. Maybe 30%. So this part is pretty plausible.
2. Internet reconnaissance
If you want to attack the core routers, you need to know where they are. Since they don't have easy-to-remember names (like www.google.com), you need to figure this out on your own. There are programs to do this - traceroute is an elegant hack and will give you a list of all the routers that sit between your computer and your destination.
The problem is that there are many paths through the 'net, which go through many different core routers. This is where the botnet army comes in, with a ton of zombies figuring out the paths through the 'net to identify the top choke points.
But yeah, this is just programming. Plausible.
3. BGP vulnerability
While rare, attacks exploiting vulnerabilities in routing protocol software have been seen before. But that's not really what we're seeing in this attack. Rather, it's a timing attack, where you use the protocol as intended. CXPST tries to overwhelm a router so that it removes itself from the BGP interactions with its fellow routers. Then, as it "clears its head" and starts to rejoin the BGP community, CXPST targets a fellow router so that it goes down just as the first is coming back. The intended outcome is to introduce rolling instability that cascades through the core, turning into a chain reaction that melts down the entire core.
You see why you need a lot of reconnaissance from the botnet - you don't need one core router to target, you need a bunch. If you only have a few, it's quite likely that your attack will fizzle.
So plausible or not? I'm a bit skeptical here. Timing attacks are nothing new, but you have to know what you're doing for them to work, and remember that nobody really knows what the Internet looks like. Nobody watches BGP in action, so the pool of expertise to get the timings right is really limited.
Could you? Maybe. I'd think that the intersection of the groups that understand BGP timings and that have a whopping great botnet army may be limited to nation state actors. Plausible, but unlikely.
Here's where it gets dicey. This sounds about right:
The people who plausibly could do this either probably wouldn't want to, or they are Intelligence Agencies who would probably only do it as a hostile act. China almost certainly has the capability to do this to us (we're likely the country most dependent on the Internet), but with all the economic activity that relies on Internet Just In Time communications (and with how their economy relies on ours), it would probably take them down, too.
Ordinary botnet owners would never launch such an attack. They're making far too much money from spam and reaping malware's credit-card number fruits to want to kill the Internet. It is conceivable though that a rogue nation could attempt to wreck the Internet in a cyberwar.
In the long run, a CXPST attack would be stopped, but for a few hours to a day or two the Internet could conceivably be knocked out.
I'm not at all sure I see the motivation among these people. Then again, that may just point out the limits of my own imagination.
Bottom line, the number of interesting new attacks is an infinitely renewable source of risk. Robustness and resiliency are prudent, but no guarantee. But I'm not using this as an excuse to top up the diesel for the generator.