spf-discuss

Re: Status of Email Authentication

2005-03-01 08:23:18
[Maybe add this to the Security Considerations of the future RFC.]

On Tue, Mar 01, 2005 at 09:40:05AM -0500,
 Nico Kadel-Garcia <nkadel(_at_)comcast(_dot_)net> wrote 
 a message of 38 lines which said:

> There are several methods. Many involve manipulating routing tables
> on intermediate connections, so that the traffic goes to a fake such
> address or is even duplicated to that fake destination so that the
> traffic can be analyzed and parsed for passwords.

This exists, but it is *far* more complicated than giving false
information in an SMTP session.

All we can hope is to make things more difficult for spammers. Reality
check: we cannot prevent forgery. We can make it more difficult, and
therefore it may be less lucrative and limited to fewer people.

> Since most routers have no more security than most FTP accounts,
> using default passwords, having little shell scripts or
> configuration tools lying around with the passwords in plain text,
> and having admins log in remotely over unsecured networks to fix
> problems and sending passwords in the clear because they use telnet
> and few routers support SSH, this isn't actually that hard.

Do not be so pessimistic: all routers' operating systems (Linux, IOS,
JunOS, FreeBSD) have supported SSH for a long time. There are two sorts
of routers:

* end-site routers at the edge of the Internet. They are often
completely unmanaged and, as you say, exhibit many security
holes. But, since they connect only an end-site, you cannot use them
to disrupt or divert traffic.

* core routers, managed by network operators. They are much more
useful as targets but they are also much more hardened (though not
perfectly).
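The point made in this reply, that SPF only raises the bar for forgery, comes down to what an SPF check actually verifies: the IP address of the connecting SMTP client against the sender domain's published record. The following is an added example, not code from the thread or from any SPF implementation; it is a minimal evaluator for ip4/ip6/all mechanisms over a constructed record for example.com, so that the same MAIL FROM fails from an unrelated address and passes from a listed one (which is all a route diversion would need to achieve).

```python
import ipaddress

# Constructed sample data (not from the thread): the TXT record a DNS
# resolver would return for example.com. Only ip4, ip6 and "all" are
# evaluated here; mx, a, include etc. need live DNS and are omitted.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip: str, mail_from_domain: str) -> str:
    """Evaluate mail_from_domain's SPF record against the peer's IP.

    Returns "pass", "fail", "softfail", "neutral", "none" (no record)
    or "permerror" (a mechanism this toy evaluator does not handle).
    """
    record = SPF_RECORDS.get(mail_from_domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(arg, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        return "permerror"  # mx, a, include, exists, ptr, redirect: not implemented
    return "neutral"  # record exhausted without a match


def classify(client_ip: str, mail_from: str) -> str:
    """Verdict for one SMTP MAIL FROM address, given the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    return check_host(client_ip, domain)


if __name__ == "__main__":
    # A forger at an unrelated address fails; the identical envelope seen
    # from a listed address (legitimately, or after diverting routes) passes.
    print(classify("198.51.100.7", "alice@example.com"))  # fail
    print(classify("192.0.2.25", "alice@example.com"))    # pass
```

The check never inspects the message itself, which is why the receiver's trust ultimately rests on the integrity of the path the connection took.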