I don't see the relation to BGP anomalies, since this "layer 3 shaping" is basically just "if you send traffic to the IP of an AS router, it probably goes over the link of that IP". None of this would help NSA "shape" arbitrary traffic onto links they are able to tap. (I'm really not sure what exactly the point of this is, the slides talk about exfil a lot, it would seem to me like some random device sending traffic to a router is more suspicious, because normal traffic never targets routers, than hitting an actual server somewhere but idk)

Funny to see even the NSA makes the mistake of calling a network an ASN (maybe because it's their name backwards), which is like saying I deposited money in my IBAN, or my neighbour lives in the string "123 Main Street", or Hacker News is an interesting DNS name full of great content.

[dead]

[flagged]