Looking Glass servers (LG servers) are servers on the Internet running one of a variety of publicly available Looking Glass software implementations. They are commonly deployed by autonomous systems (AS) to offer access to their routing infrastructure in order to facilitate debugging network issues. [1] A Looking Glass server is accessed remotely for the purpose of viewing routing information. Essentially, the server acts as a limited, read-only portal to routers of whatever organization is running the LG server. [2]
Typically, Looking Glass servers are run by autonomous systems like Internet service providers (ISPs), Network Service Providers (NSPs), and Internet exchange points (IXPs). [1]
Looking glasses are web scripts directly connected to routers' admin interfaces such as telnet and SSH. [1] These scripts are designed to relay textual commands from the web to the router and print back the response. They are often implemented in Perl [3] PHP, [4] [5] and Python, [6] [7] and are publicly available on GitHub.
A 2014 paper demonstrated the potential security concerns of Looking Glass servers, noting that even an "attacker with very limited resources can exploit such flaws in operators' networks and gain access to core Internet infrastructure", resulting in anything from traffic disruption to global Border Gateway Protocol (BGP) route injection. [1] This is due in part because looking glass servers are "an often overlooked critical part of an operator infrastructure" because it sits at the intersection of the public internet and "restricted admin consoles". As of 2014, most Looking Glass software was small and old, having last been updated in the early 2000's. [1]
A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions between networks and on the global Internet. Data sent through a network, such as a web page or email, is in the form of data packets. A packet is typically forwarded from one router to another router through the networks that constitute an internetwork until it reaches its destination node.
Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. BGP is classified as a path-vector routing protocol, and it makes routing decisions based on paths, network policies, or rule-sets configured by a network administrator.
Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS).
A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.
SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.
An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, that presents a common and clearly defined routing policy to the Internet. Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing. Autonomous System Numbers are assigned to Local Internet Registries (LIRs) and end user organizations by their respective Regional Internet Registries (RIRs), which in turn receive blocks of ASNs for reassignment from the Internet Assigned Numbers Authority (IANA). The IANA also maintains a registry of ASNs which are reserved for private use.
Internet exchange points are common grounds of IP networking, allowing participant Internet service providers (ISPs) to exchange data destined for their respective networks. IXPs are generally located at places with preexisting connections to multiple distinct networks, i.e., datacenters, and operate physical infrastructure (switches) to connect their participants. Organizationally, most IXPs are each independent not-for-profit associations of their constituent participating networks. The primary alternative to IXPs is private peering, where ISPs directly connect their networks to each other.
Anycast is a network addressing and routing methodology in which a single destination IP address is shared by devices in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops. Anycast routing is widely used by content delivery networks such as web and DNS hosts, to bring their content closer to end users.
Multihoming is the practice of connecting a host or a computer network to more than one network. This can be done in order to increase reliability or performance.
Contiki is an operating system for networked, memory-constrained systems with a focus on low-power wireless Internet of Things (IoT) devices. Contiki is used for systems for street lighting, sound monitoring for smart cities, radiation monitoring and alarms. It is open-source software released under the BSD-3-Clause license.
XORP is an open-source Internet Protocol routing software suite originally designed at the International Computer Science Institute in Berkeley, California. The name is derived from eXtensible Open Router Platform. It supports OSPF, BGP, RIP, PIM, IGMP, OLSR.
Bulletproof hosting (BPH) is technical infrastructure service provided by an Internet hosting service that is resilient to complaints of illicit activities, which serves criminal actors as a basic building block for streamlining various cyberattacks. BPH providers allow online gambling, illegal pornography, botnet command and control servers, spam, copyrighted materials, hate speech and misinformation, despite takedown court orders and law enforcement subpoenas, allowing such material in their acceptable use policies.
BGP hijacking is the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables maintained using the Border Gateway Protocol (BGP).
The Toronto Internet Exchange Community (TorIX) is a not-for-profit Internet Exchange Point (IXP) located in a carrier hotel at 151 Front Street West, Equinix's TR2 data centre at 45 Parliament Street and 905 King Street West in Toronto, Ontario, Canada. As of March 2021, TorIX has 259 unique autonomous systems representing 285 peer connections and peak traffic rates of 1.344 Tbps, making it the largest IXP in Canada. According to Wikipedia's List of Internet Exchange Points by Size, TorIX is the 16th largest IXP in the world in numbers of peers, and 17th in the world in traffic averages. The Exchange is organized and run by industry professionals in voluntary capacity.
An IPv6 transition mechanism is a technology that facilitates the transitioning of the Internet from the Internet Protocol version 4 (IPv4) infrastructure in use since 1983 to the successor addressing and routing system of Internet Protocol Version 6 (IPv6). As IPv4 and IPv6 networks are not directly interoperable, transition technologies are designed to permit hosts on either network type to communicate with any other host.
Locator/ID Separation Protocol (LISP) is a "map-and-encapsulate" protocol which is developed by the Internet Engineering Task Force LISP Working Group. The basic idea behind the separation is that the Internet architecture combines two functions, routing locators and identifiers in one number space: the IP address. LISP supports the separation of the IPv4 and IPv6 address space following a network-based map-and-encapsulate scheme. In LISP, both identifiers and locators can be IP addresses or arbitrary elements like a set of GPS coordinates or a MAC address.
dn42 is a decentralized peer-to-peer network built using VPNs and software/hardware BGP routers.
Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework to support improved security for the Internet's BGP routing infrastructure.
JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.
Grenoble Internet eXchange or GrenoblIX is the Internet eXchange point (IXP) of Grenoble in Isère and Auvergne – Rhône-Alpes region. GrenoblIX allows to the connected members to exchange the traffic in order to avoid passing by faraway infrastructures. This Internet eXchange point is managed by the non-profit organization Rezopole, founded in 2001.
{{cite book}}
: CS1 maint: multiple names: authors list (link)A super-user access is not necessary, a read-only user is not sufficient though. The operator class would be good enough. It is better to define a new class with access to specific commands to restrict the looking glass user to what it actually needs (no more, no less).