nanog mailing list archives
Re: BGP Exploit
From: Danny McPherson <danny () tcb net>
Date: Wed, 12 May 2004 15:50:52 -0600
On May 12, 2004, at 2:41 PM, Mark Johnson wrote:
What if sessions were attacked without MD5 in place. We would just seesession resets. As these happen anyway frequently at peering points is there any straightforward way to determine if the vulnerability caused the reset?
Depends on why it happens frequently. If it happens because you've got Network/Transport Layer or underlying connection problems then there's some other brokenness you should probably be more concerned with. If you're referring to session resets because of a peer or user action then something akin to "Last reset due to FOO" can likely be gleaned from "show bgp neighbor" output, especially since BGP performs "graceful shutdown" via notification messages under normal conditions I.e., you should probably be very concerned with any session reset for which no valid explanation is available via CLI or other means. -danny
Current thread:
- RE: BGP Exploit, (continued)
- RE: BGP Exploit Stephen J. Wilcox (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
- Re: BGP Exploit Patrick W . Gilmore (May 05)
- Re: BGP Exploit Christopher L. Morrow (May 05)
- Re: BGP Exploit Patrick W . Gilmore (May 06)
- Re: BGP Exploit Christopher L. Morrow (May 06)
- Re: BGP Exploit Ingo (May 07)
- Re: BGP Exploit Patrick W . Gilmore (May 05)
- Re: BGP Exploit Danny McPherson (May 12)
- Re: BGP Exploit Iljitsch van Beijnum (May 13)