Re: Qwest outage In NY

[Richard A Steenbergen <ras () e-gerbil net>]

On Wed, May 08, 2002 at 12:32:00PM -0400, Patrick McEvilly wrote:
> Qwest has confirmed a DOS attach against two of their Juniper routers in
> the NY POP.  I believe they had a UDP attack last week also (maybe on
> Saturday). This time the DOS was a TCP attack on the 100Mb management
> interface on the Juniper, leaving the box unable to pass packets, hence
> BGP stays up and a full routing table but you cannot get anywhere.

Ok I'll bite... What crackpipe are you smoking from?

If the link from the RE to the PFE (the fxp1) became saturated, or enough
packets hit the RE to blow away the processor, BGP (and the CLI, and
everything else) would certainly fall over.

Much like with any other router using distributed forwarding, if the
management processor dies, the traffic will continue to forward until the
routing protocols timed out and the rest of the network stopped sending it
traffic. The attack would then stop hitting the box in question, it would
come back up, and the cycle would repeat. This assumes that there are
actual routing protocols, in the case where it's statically routed the 
box just stays down. :)

But Juniper is more resilient to this form of attack than most, and you 
have the ability to filter packets going to the RE on any IP rev.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)