Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: BGP TCP RST Attacks (was:CIsco PIX vulnerable to TCP RST DOS attacks)

From: "Josh Welch" <jwelch () buffalowildwings com>
Date: Wed, 5 May 2004 10:23:59 -0500
Mikael Olsson said:
<snip>

I still believe that the #1 impact of this vulnerability, as seen in an
Internet-wide perspective, is killing BGP sessions in core routers.
Do it a few times to trigger route flap detection, and you'll isolate
large chunks of the net from eachother, or, worst case, from the rest
of the Internet.



The advisories I have seen have made this same statement. However, according
to another list I read there are a number of network operators who feel this
is not a real threat. A number of them hold that it would be excessively
challenging to be able to match up the source-ip:source-port and
dest-ip:dest-port and effectively reset a BGP session without generating a
large volume of traffic, which should be noticed in and of itself. So, I am
wondering what people have been seeing, anyone yet seen evidence of an
attempt to exploit this?
Thanks,
Josh

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: