Dailydave mailing list archives
Re: tubes clogged
From: Jess Kitchen <jess.kitchen () adjacentnetworks net>
Date: Mon, 29 Dec 2008 20:36:46 +0000 (GMT)
I'm thinking an attack that causes BGP peers (glue of the internet) to go through a cascading flapping mechanism forcing them to continuously dampen each other till they keep breaking adjacency with each other.
In my experience one bad path being penalised actually affects all paths for a particular prefix available for consideration- this is one reason why flap dampening became unfashionable as it potentially does more harm than good. I think your idea should only actually be applicable to multihop EBGP sessions, and even then I can't see how you would essentially flap the intermediate linknets to cause this (take a directly connected /30 or exchange point prefix- in many cases they aren't even carried in BGP as more specifics) The legal angle mentioned in the vague descriptions I've seen suggest that a major vendor (vendors?) has been reversed or fuzzed to good effect - one-packet session teardown perhaps- something to do with BFD? Throw in GTSM and uRPF on most sensible networks too and the attack won't get to the control plane, so.. I'm interested, that's for sure ;) Jess _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- tubes clogged Alexander Sotirov (Dec 29)
- Re: tubes clogged Jared DeMott (Dec 29)
- Re: tubes clogged J. Oquendo (Dec 29)
- Re: tubes clogged Can Erkin Acar (Dec 29)
- Re: tubes clogged Jess Kitchen (Dec 29)
- Re: tubes clogged J. Oquendo (Dec 29)
- Re: tubes clogged H D Moore (Dec 29)
- Re: tubes clogged Petja van der Lek (Dec 29)
- Re: tubes clogged Fyodor (Dec 29)
- Re: tubes clogged Jess Kitchen (Dec 29)
- Re: tubes clogged Thorsten Holz (Dec 30)
- Re: tubes clogged dan (Dec 30)
- Re: tubes clogged Paul Melson (Dec 30)
- Re: tubes clogged Petja van der Lek (Dec 29)
- Re: tubes clogged Jared DeMott (Dec 29)
- MD5 Considered Harmful Today: Creating a rogue CA certificate Alexander Sotirov (Dec 30)
- Re: MD5 Considered Harmful Today: Creating a rogue CA certificate Charles Miller (Dec 30)