nanog mailing list archives
Re: BGP Exploit
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Wed, 05 May 2004 23:31:11 +0000 (GMT)
On Wed, 5 May 2004, Patrick W.Gilmore wrote:
On May 5, 2004, at 2:39 PM, Smith, Donald wrote:No. The router stays up. The tool I use is very fast. It floods the GIGE to the point that that interface is basically unusable but the router itself stays up only the session is torn down. I did preformed these tests in a lab and did not have full bgp routing tables etc ... so your mileage may vary.That is DAMNED impressive. I've never seen a router which can take a Gigabit of traffic to its CPU and stay up. What kind of router was this? You mentioned Juniper and Cisco before, but I know a cisco will fall over long before a gigabit and a Juniper either does or drops packets destined for the CPU (but keeps routing).
recieve-path acl and recieve-path-limits perhaps on a cisco will allow survival? Though if this is 'bgp' from a valid peer it seems likely to crunch it either way.
Perhaps it was rate limiting the # of packets which reached the CPU, and the session stayed up because the "magic" packet was dropped in the rate limiting?
That sees likely.
Current thread:
- BGP Exploit kwallace (May 03)
- Re: BGP Exploit Patrick W . Gilmore (May 03)
- Re: BGP Exploit Kurt Erik Lindqvist (May 04)
- Re: BGP Exploit Steven M. Bellovin (May 04)
- <Possible follow-ups>
- RE: BGP Exploit Smith, Donald (May 04)
- Re: BGP Exploit james (May 04)
- RE: BGP Exploit Stephen J. Wilcox (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
- Re: BGP Exploit Patrick W . Gilmore (May 05)
- Re: BGP Exploit Christopher L. Morrow (May 05)
- Re: BGP Exploit Patrick W . Gilmore (May 06)
- Re: BGP Exploit Christopher L. Morrow (May 06)
- Re: BGP Exploit Ingo (May 07)
- Re: BGP Exploit Patrick W . Gilmore (May 05)
- Re: BGP Exploit Danny McPherson (May 12)
- Re: BGP Exploit Iljitsch van Beijnum (May 13)