nanog mailing list archives

Re: NAP/ISP Saturation WAS: Re: Exchanges that matter...


From: Ophir Ronen <ophir () internap com>
Date: Fri, 20 Dec 1996 14:38:00 -0800 (PST)


On Fri, 20 Dec 1996, Alex.Bligh wrote:


> > I think that there's some lack of clarity on the problem here.  Anyone can
> > stream packets at ANY router and take it down.  If it's not ICMP, you can
> > simply forge routing protocol packets.  It's a question of simply
> > supersaturating the system.  To truly deal with DoS attacks, there are
> > basically three approaches:
>
> Indeed. For instance SYN-flood the BGP port.

        Correct me if I'm wrong but to the best of my recollection, in
order for a packet to be accepted on the BGP port, it must be originating
from a configured BGP peer. Since the SYN flood method relies on the
attack originating from an unreachable (yet routable) address, it would
seem that this approach will fail. 

rfc-1771:

If the local system detects that a remote peer is trying to
establish BGP connection to it, and the IP address of the
remote peer is not an expected one, the local system restarts
the ConnectRetry timer, rejects the attempted connection,
continues to listen for a connection that may be initiated by
the remote BGP peer, and stays in the Active state.



-Ophir
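
Added example, not part of the original message: a small Python model of the Active-state rule quoted from RFC 1771 above, replayed over constructed connection attempts. It models only the BGP state machine's decision for one configured peer, not the TCP layer beneath it. The class and function names are hypothetical, the addresses are constructed from documentation ranges, and the 120-second ConnectRetry value is the RFC's suggested default.

```python
import ipaddress
from dataclasses import dataclass, field

CONNECT_RETRY_SECS = 120  # suggested ConnectRetry value in RFC 1771


@dataclass
class PeerSession:
    """One BGP FSM for one configured peer (hypothetical model)."""
    expected_peer: ipaddress.IPv4Address
    state: str = "Active"
    connect_retry_deadline: float = 0.0          # 0.0 means timer cleared
    rejected: list = field(default_factory=list)  # sources turned away

    def on_incoming_connection(self, src: str, now: float) -> bool:
        """Apply the Active-state rule; return True if the connection is kept."""
        if self.state != "Active":
            return False  # other states are outside this model
        if ipaddress.ip_address(src) != self.expected_peer:
            # Unexpected address: restart ConnectRetry, reject the
            # connection, keep listening, stay in Active.
            self.connect_retry_deadline = now + CONNECT_RETRY_SECS
            self.rejected.append(src)
            return False
        # Expected peer: clear the timer; an OPEN would be sent here.
        self.connect_retry_deadline = 0.0
        self.state = "OpenSent"
        return True


def replay(session, attempts):
    """Feed (time, source) pairs to the session; return (source, accepted)."""
    return [(src, session.on_incoming_connection(src, t)) for t, src in attempts]


# Constructed sample input: two sources that are not the configured peer,
# followed by the configured peer itself.
SAMPLE_ATTEMPTS = [
    (0.0, "198.51.100.7"),
    (1.0, "203.0.113.9"),
    (2.0, "192.0.2.1"),
]

if __name__ == "__main__":
    s = PeerSession(ipaddress.IPv4Address("192.0.2.1"))
    for src, ok in replay(s, SAMPLE_ATTEMPTS):
        print(src, "accepted" if ok else "rejected")
    print("final state:", s.state)
```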


