Re: long as path games?

["william(at)elan.net" <william () elan net>]

Well, long as-path of 100 is certain to be invalid (result of misconfig if 
not direct probe for vulnerability). Would it be good to recommend for 
ISPs filter at some as-path size as its easy easy and does not consume  
router resources? Would would be good as-path size to filter on, just to
be certain no valid route is filtered (just in case allow possible growth
of as-path up to 2x what it is now)?

On Mon, 31 Jan 2005, Blaine Christian wrote:

> Specifically, they have the ability to tickle a legacy cisco bug with AS
> path length.  This bug was supposedly mitigated in code and I believe my
> previous company is still filtering AS path length (UUNET) of 100 or
> greater. 
>
> A valid AS-Path of greater than 100 has not yet been found (which was why
> the filters were in place).
>
> On 1/31/05 8:53 AM, "Jared Mauch" <jared () puck nether net> wrote:
>
> > On Mon, Jan 31, 2005 at 07:19:14AM +0200, Hank Nussbacher wrote:
> > > At 10:23 PM 30-01-05 -0500, Jon Lewis wrote:
> > >
> > > > Someone at fido.net having some bgp config issues?
> > >
> > > Looks like someone probing for a buffer overflow on a world-wide basis.
> > >
> > > -Hank
> > >
> > >
> > > > Jan 30 18:34:51 EST: %BGP-6-ASPATH: Long AS path 6461 3356 6770 8282 8282
> > > > 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282
> > > > 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282
> > > > 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282
> > > > 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282
> > > > 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282
> > > > 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282
> > > > received from ...
> >
> > Router(config-router)#bgp maxas-limit ?
> >   <1-2000>  Number of ASes in the AS-PATH attribute
> >
> > Router(config-router)#bgp maxas-limit 50
> >
> > Easy to fix/reject.
> >
> > - jared