nanog mailing list archives

Re: AS PATH limits


From: Hank Nussbacher <hank () efes iucc ac il>
Date: Sun, 1 Oct 2017 08:17:53 +0300

On 01/10/2017 04:28, Christopher Morrow wrote:
On Sat, Sep 30, 2017 at 12:47 PM, Ken Chase <math () sizone org> wrote:

I don't see that as the solution. Someone else will offend again.

However, I also don't see trusting major backbones as our filters (for many
other reasons). Our software should be handling what's effectively a
buffer overflow or equivalent (beware long paths that are actually shellcode).

Quagga among others seems to be subject to this bug, pre 0.99.23 or so
(.99.24+ seems ok). So upgrading is a solution.


ii  quagga              0.99.22.4-3ubu i386           BGP/OSPF/RIP routing daemon

interestingly enough that isn't crashlooping nor is it bouncing bgp
sessions:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1572
Quagga 0.99.11 and earlier affected.
Fixed in 2009.

-Hank


192.168.100.100  4 MYASN 1642717    8864        0    0    0 2d23h32m   672475

and it's happily showing me the route even...

There was also some chatter on the quagga mailing list on how it's more
pleasant to stab your eyeballs out rather than constructing extremely long
regexp's that might work as a filter.

https://lists.quagga.net/pipermail/quagga-users/2017-September/thread.html

/kc


On Sat, Sep 30, 2017 at 05:30:03PM +0200, Niels Raijer said:
  >My message to NANOG about this from 12:31 UTC today is still in the
  >moderation queue. I had opened a support case with Cogent before writing my
  >message to NANOG and Cogent has let me know approximately 40 minutes ago
  >that they have contacted their customer.
  >
  >Niels
  >
  >
  >
  >On 30 Sep 2017, at 17:09, sthaug () nethelp no wrote:
  >
  >>> If you're on cogent, since 22:30 UTC yesterday or so this has been happening
  >>> (or happened).
  >>
  >> Still happening here. I count 562 prepends (563 * 262197) in the
  >> advertisement we receive from Cogent. I see no good reason why we
  >> should accept that many prepends.
  >>
  >> Steinar Haug, Nethelp consulting, sthaug () nethelp no
  >

--
Ken Chase - math () sizone org  Guelph Canada
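
The inbound check discussed in this thread, written out as an added example (not code from any poster or from Quagga): it parses an AS_PATH string, counts its length and the longest prepend run, and decides whether to accept it. The two thresholds, the function names and the sample paths are assumptions made for illustration; only AS 262197 and the count of 563 come from the thread.

```python
import re
from itertools import groupby

# Assumed policy thresholds (illustrative, not from the thread).
MAX_PATH_LEN = 50      # total AS_PATH length we are willing to accept
MAX_PREPEND_RUN = 10   # consecutive repeats of one ASN we tolerate

_TOKEN = re.compile(r"\{[^}]*\}|\d+")

def parse_as_path(text):
    """Parse an AS_PATH as printed by a router CLI.
    A sequence member becomes an int, an AS_SET ({a,b}) a frozenset."""
    segments = []
    for tok in _TOKEN.findall(text):
        if tok.startswith("{"):
            segments.append(frozenset(int(a) for a in re.findall(r"\d+", tok)))
        else:
            segments.append(int(tok))
    return segments

def longest_run(segments):
    """Return (asn, count) for the longest run of one repeated ASN."""
    best = (None, 0)
    for key, grp in groupby(segments):
        n = sum(1 for _ in grp)
        if isinstance(key, int) and n > best[1]:
            best = (key, n)
    return best

def evaluate(text, max_len=MAX_PATH_LEN, max_run=MAX_PREPEND_RUN):
    """Apply both limits; an AS_SET counts as 1 hop (RFC 4271, 9.1.2.2)."""
    segs = parse_as_path(text)
    asn, run = longest_run(segs)
    reasons = []
    if len(segs) > max_len:
        reasons.append(f"path length {len(segs)} > {max_len}")
    if run > max_run:
        reasons.append(f"AS{asn} x{run} ({run - 1} prepends) > {max_run}")
    return {"accept": not reasons, "length": len(segs),
            "run": (asn, run), "reasons": reasons}

# Constructed sample paths. 64496-64499 are documentation ASNs (RFC 5398);
# 262197 repeated 563 times mirrors the advertisement described above.
LONG = "64496 64497 " + " ".join(["262197"] * 563)
NORMAL = "64496 64497 64497 {64498,64499}"

if __name__ == "__main__":
    for name, path in (("long", LONG), ("normal", NORMAL)):
        print(name, evaluate(path))
```

Counting repeats this way avoids the very long regular expressions mentioned above; the same two numbers can be logged per neighbor to see who is sending oversized paths.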


