nanog mailing list archives
Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
From: Niels Bakker <niels=nanog () bakker net>
Date: Fri, 23 Apr 2004 18:19:17 +0200
* haesu () towardex com (James) [Fri 23 Apr 2004, 02:58 CEST]:
in IOS bgp will bind source ip that is relevant to the subnet it is being peered with, even if it is a secondary ip. i am not sure if it
Actually my lab testing showed that older routers (2500/4500) do so, but real equipment (7200/7500) doesn't, for some reason
binds the ip to primary ip for the first time, then fall back to secondary ip as primary fails though.. all i know is that when i've
This it definitely doesn't do.
tried it by putting a bogus ip as primary, bgp session did turn up, but took a little longer than usual.. didn't investigate any further however.
That's probably because the other end initiated the TCP session by then. -- Niels.
Current thread:
- Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Lane Patterson (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) James (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Matthew Crocker (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) James (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Niels Bakker (Apr 23)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Matthew Crocker (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Stephen J. Wilcox (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) James (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Patrick W . Gilmore (Apr 22)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Pekka Savola (Apr 23)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Patrick W . Gilmore (Apr 23)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYNvulnerability) sthaug (Apr 23)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Alex Bligh (Apr 23)
- Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability) Pekka Savola (Apr 23)