nanog mailing list archives
RE: tcp bgp vulnerability looking glass and route server issues.
From: "David Luyer" <david () luyer net>
Date: Thu, 22 Apr 2004 10:10:17 +1000
Lane Patterson wrote:
> While I agree that publicly open route-views routers should not allow display of "sho ip bgp nei" information, this is only giving away 4-tuple info regarding non-production BGP sessions, right? So folks could potentially flap the route-views sessions, but this will not affect any production routing in the data path. If any folks are allowing "sho ip bgp nei" via looking glass interface to a production router, then yes, that is a problem. I haven't seen any.
I've seen direct looking glasses into IX routers, into SP production routers and to routers which peer with major routers - where you could consider that resetting the session frequently could start having CPU impact on the router connected to the route server. They're all potential impacting problems.

Also if checking if you have a problem make sure you don't permit:

  sh ip bgp nei
  sh ip bgp nei x.x.x.x
  sh tcp

David.
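Added example, not part of the original post: one way to audit a looking glass's permitted-command list for the three commands named above, treating any IOS-style abbreviation of a keyword as a match so that "sh", "sho" and "show" are all caught. The list format, function names and sample entries are assumptions made for illustration.

```python
# Added example: audit a looking glass's permitted-command list for the
# commands named in the post. The list format is an assumption.

# Full keyword forms of the commands the post says must not be permitted.
# "sh ip bgp nei x.x.x.x" is covered by matching "show ip bgp neighbors"
# followed by any trailing arguments.
BLOCKED = [
    ("show", "ip", "bgp", "neighbors"),
    ("show", "tcp"),
]

def _abbreviates(typed, keyword):
    """IOS-style abbreviation: typed token is a non-empty prefix of keyword."""
    return bool(typed) and keyword.startswith(typed)

def exposes_session_info(command):
    """True if `command` expands to a BLOCKED command (any trailing args)."""
    tokens = command.lower().split()
    for blocked in BLOCKED:
        if len(tokens) >= len(blocked) and all(
            _abbreviates(t, k) for t, k in zip(tokens, blocked)
        ):
            return True
    return False

def audit(permitted):
    """Return the entries of a permitted-command list that should be removed."""
    return [cmd for cmd in permitted if exposes_session_info(cmd)]

# Constructed sample of what a looking glass might allow (documentation IPs).
SAMPLE_PERMITTED = [
    "sh ip bgp 192.0.2.0",
    "sh ip bgp nei",
    "show ip bgp neighbors 192.0.2.1",
    "SHO IP BGP NEI",
    "sh tcp brief",
    "sh ip bgp summary",
    "ping 192.0.2.1",
    "traceroute 192.0.2.1",
]

if __name__ == "__main__":
    for cmd in audit(SAMPLE_PERMITTED):
        print("remove:", cmd)
```

The prefix match is deliberately conservative: it flags any abbreviation, including ones the router itself would reject as ambiguous, and it covers only the command forms named in the post.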