Re: tubes clogged

[Jess Kitchen <jess.kitchen () adjacentnetworks net>]

> I'm thinking an attack that causes BGP peers (glue of the internet)
> to go through a cascading flapping mechanism forcing them to
> continuously dampen each other till they keep breaking adjacency
> with each other.

In my experience one bad path being penalised actually affects all paths 
for a particular prefix available for consideration- this is one reason 
why flap dampening became unfashionable as it potentially does more harm 
than good.

I think your idea should only actually be applicable to multihop EBGP 
sessions, and even then I can't see how you would essentially flap the 
intermediate linknets to cause this (take a directly connected /30 or 
exchange point prefix- in many cases they aren't even carried in BGP as 
more specifics)

The legal angle mentioned in the vague descriptions I've seen suggest that 
a major vendor (vendors?) has been reversed or fuzzed to good effect - 
one-packet session teardown perhaps-  something to do with BFD?

Throw in GTSM and uRPF on most sensible networks too and the attack won't 
get to the control plane, so..

I'm interested, that's for sure ;)

Jess
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave