nanog mailing list archives

RE: BGP Exploit

From: "Smith, Donald" <Donald.Smith () qwest com>
Date: Wed, 5 May 2004 12:39:35 -0600


No. The router stays up. The tool I use is very fast. It floods the GIGE
to the point that that interface is basically unusable but the router
itself stays up only the session is torn down. I did preformed these
tests in a lab and did
not have full bgp routing tables etc ... so your mileage may vary.



Donald.Smith () qwest com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500  D076 43F1 0767 AF00 EDCC
kill -13 111.2

-----Original Message-----
From: Stephen J. Wilcox [mailto:steve () telecomplete co uk] 
Sent: Wednesday, May 05, 2004 10:16 AM
To: Smith, Donald
Cc: Steven M. Bellovin; Kurt Erik Lindqvist; 
kwallace () pcconnection com; nanog () merit edu
Subject: RE: BGP Exploit 

Of more interest.. does the router die (cpu load) before you 
brute force the 
sessions down

Steve

On Tue, 4 May 2004, Smith, Donald wrote:


I have seen 3 pubic ally available tools that ALL work.
I have seen 2 privately tools that work.
A traffic generator can be configured to successfully tear down bgp 
sessions.

Given src/dst ip and ports :
I tested with a cross platform EBGP peering with md5 using

several of

the tools I could not tear down the sessions. I tested both

Cisco and

juniper BGP peering after  code upgrades without md5 I

could not tear

down the sessions.


Donald.Smith () qwest com GCIA 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500  D076 43F1 0767

AF00 EDCC kill

-13 111.2

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On
Behalf Of Steven M. Bellovin
Sent: Tuesday, May 04, 2004 11:54 AM
To: Kurt Erik Lindqvist
Cc: kwallace () pcconnection com; nanog () merit edu
Subject: Re: BGP Exploit 




In message
<C4E8C22A-9DA6-11D8-B28B-000A95928574 () kurtis pp se>, Kurt 
Erik Lindq vist writes:


Now that the firestorm over implementing Md5 has quieted

down a bit,

is anybody aware of whether the exploit has been used?

Feel free to

reply off list.


Even more interesting, did anyone manage to reproduce it?


I don't know if it's being used; I know that reimplementations of 
the
idea are out there.


          --Steve Bellovin, http://www.research.att.com/~smb

Current thread:

BGP Exploit kwallace (May 03)
- Re: BGP Exploit Patrick W . Gilmore (May 03)
- Re: BGP Exploit Kurt Erik Lindqvist (May 04)
  - Re: BGP Exploit Steven M. Bellovin (May 04)
- <Possible follow-ups>
- RE: BGP Exploit Smith, Donald (May 04)
  - Re: BGP Exploit james (May 04)
  - RE: BGP Exploit Stephen J. Wilcox (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
  - Re: BGP Exploit Patrick W . Gilmore (May 05)
    - Re: BGP Exploit Christopher L. Morrow (May 05)
    - Re: BGP Exploit Patrick W . Gilmore (May 06)
    - Re: BGP Exploit Christopher L. Morrow (May 06)
    - Re: BGP Exploit Ingo (May 07)
- RE: BGP Exploit Smith, Donald (May 06)
- RE: BGP Exploit Mark Johnson (May 12)
  - Re: BGP Exploit Danny McPherson (May 12)
- RE: BGP Exploit Mark Johnson (May 13)
  - Re: BGP Exploit Iljitsch van Beijnum (May 13)