nanog mailing list archives

Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)


From: Niels Bakker <niels=nanog () bakker net>
Date: Fri, 23 Apr 2004 18:19:17 +0200


* haesu () towardex com (James) [Fri 23 Apr 2004, 02:58 CEST]:
> in IOS bgp will bind source ip that is relevant to the subnet it is
> being peered with, even if it is a secondary ip. i am not sure if it

Actually my lab testing showed that older routers (2500/4500) do so, but
real equipment (7200/7500) doesn't, for some reason.


> binds the ip to primary ip for the first time, then fall back to
> secondary ip as primary fails though.. all i know is that when i've

This it definitely doesn't do.


> tried it by putting a bogus ip as primary, bgp session did turn up, but
> took a little longer than usual.. didn't investigate any further
> however.

That's probably because the other end initiated the TCP session by then.


        -- Niels.

