Looking Glass servers (LG servers) are servers on the Internet running one of a variety of publicly available Looking Glass software implementations. They are commonly deployed by autonomous systems (AS) to offer access to their routing infrastructure in order to facilitate debugging network issues.[1] A Looking Glass server is accessed remotely for the purpose of viewing routing information. Essentially, the server acts as a limited, read-only portal to routers of whatever organization is running the LG server.[2]
Typically, Looking Glass servers are run by autonomous systems like Internet service providers (ISPs), Network Service Providers (NSPs), and Internet exchange points (IXPs).[1]
Implementation
Looking glasses are web scripts directly connected to routers' admin interfaces such as telnet and SSH.[1] These scripts are designed to relay textual commands from the web to the router and print back the response. They are often implemented in Perl,[3] PHP,[4][5] and Python,[6][7] and are publicly available on GitHub.
Security concerns
A 2014 paper demonstrated the potential security concerns of Looking Glass servers, noting that even an "attacker with very limited resources can exploit such flaws in operators' networks and gain access to core Internet infrastructure", resulting in anything from traffic disruption to global Border Gateway Protocol (BGP) route injection.[1] This is due in part to Looking Glass servers being "an often overlooked critical part of an operator infrastructure" that sits at the intersection of the public Internet and "restricted admin consoles". As of 2014, most Looking Glass software was small and old, having last been updated in the early 2000s.[1]
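Because the script relays text from a web form to a router's admin interface, the input handling is what keeps the portal limited and read-only. The following is an added example, not code from any of the Looking Glass projects cited here. The command templates and function names are assumptions, and router syntax varies by vendor.

```python
import ipaddress

# Illustrative read-only command templates (assumed; syntax varies by router vendor).
# The web form selects a key; it never supplies command text of its own.
ALLOWED_QUERIES = {
    "bgp": "show ip bgp {target}",
    "ping": "ping {target}",
    "traceroute": "traceroute {target}",
}


class RejectedQuery(ValueError):
    """The request cannot be mapped to an allow-listed command."""


def parse_target(raw: str, allow_prefix: bool) -> str:
    """Return the canonical text of an IP address or prefix, or raise RejectedQuery."""
    raw = raw.strip()
    # ipaddress accepts IPv6 zone IDs ("fe80::1%eth0") and keeps the zone text
    # in str(); a zone has no meaning on a remote router, so refuse it outright.
    if "%" in raw:
        raise RejectedQuery("IPv6 zone identifiers are not accepted")
    is_prefix = "/" in raw
    if is_prefix and not allow_prefix:
        raise RejectedQuery("this query type takes a single address, not a prefix")
    try:
        parsed = (ipaddress.ip_network(raw, strict=False) if is_prefix
                  else ipaddress.ip_address(raw))
    except ValueError as exc:
        raise RejectedQuery(f"not an IP address or prefix: {raw!r}") from exc
    return str(parsed)  # re-serialised by the parser, never the user's own bytes


def build_command(query: str, target: str) -> str:
    """Map a (query type, target) pair from the web form to one router command."""
    template = ALLOWED_QUERIES.get(query)
    if template is None:
        raise RejectedQuery(f"unknown query type: {query!r}")
    # Only the route lookup accepts an address/length prefix.
    return template.format(target=parse_target(target, query == "bgp"))


if __name__ == "__main__":
    # Constructed sample requests, as they might arrive from the web form.
    for query, target in [("bgp", "192.0.2.77/24"), ("ping", " 2001:DB8::1 "),
                          ("ping", "192.0.2.1; show version"), ("configure", "192.0.2.1")]:
        try:
            print("relay :", build_command(query, target))
        except RejectedQuery as err:
            print("reject:", err)
```

This check complements, and does not replace, restricting the router account the script logs in with to the commands it needs.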
References
- Luca Bruno, Mariano Graziano, Davide Balzarotti, and Aurélien Francillon (August 2014). "Through the Looking-Glass, and What Eve Found There" (PDF). 8th USENIX Workshop on Offensive Technologies (WOOT 2014). San Diego, CA: USENIX. Retrieved 27 March 2021.
- "Juniper - Looking Glass". looking-glass.readthedocs.io. Retrieved 21 January 2021. "A super-user access is not necessary, a read-only user is not sufficient though. The operator class would be good enough. It is better to define a new class with access to specific commands to restrict the looking glass user to what it actually needs (no more, no less)."
- "Cougar/lg". GitHub. 15 January 2021.
- Mazoyer, Guillaume (9 January 2021). "respawner/looking-glass". GitHub.
- "hsdn/lg". Home Server Data Network Non-commercial Project. 25 November 2020.
- Love, Matt (19 January 2021). "checktheroads/hyperglass". GitHub.
- "hyperglass". hyperglass.io.
External links
- Source code for the *original* Multi-Router Looking Glass (MRLG) by John Fraizer @ OP-SEC.US
- Packet Clearing House Looking Glass servers around the world.
- Looking Glass server source code
- Clickable map of known Reverse Lookup and Looking Glass servers in the world Archived 2008-09-08 at the Wayback Machine
- Looking Glass Wiki - List of hundreds of Looking Glass servers, sorted by Autonomous System Number.
- IPv4 and IPv6 BGP Looking Glasses at BGP4.as
- BGP Looking Glass links collection at LookinGlass.org
- CSpace Hostings Looking Glass, an example of a Network Service Provider's looking glass.
- RFC 8522: Looking Glass Command Set