nanog mailing list archives
Re: JunOS/FRR/Nokia et al BGP critical issue
From: Steve Noble <snoble () sonn com>
Date: Wed, 30 Aug 2023 08:29:21 -0700
Tom Beecher wrote on 8/30/23 8:22 AM:
Literally the first thing that came into my mind was the as-set issue from 2 decades ago where some vendors passed it, others dropped sessions..

vendors should adopt RFC7606

Yes

and not be absolutely awful at responding to vulnerability reporting.

1. This isn't exactly new. It's been possible to do this since the original days of BGP.
2. Probably not wise to assume that's accurate just because he thinks that is true.

On Wed, Aug 30, 2023 at 11:02 AM <jeffm () iglou com <mailto:jeffm () iglou com>> wrote:

Fair update. To be clear, though, the main point of the article stands, and is maybe even strengthened by the update. A corrupted attribute def can cause the behavior (personal experience speaking here with a different attribute) and vendors should adopt RFC7606 and not be absolutely awful at responding to vulnerability reporting.

On Aug 30, 2023 10:43 AM, "Jakob Heitz (jheitz) via NANOG" <nanog () nanog org <mailto:nanog () nanog org>> wrote:

The blog was updated. Correct link:
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

The attribute was not malformed. This is the hex dump of the attribute: “E0 1C 00”

It is described here.
https://www.rfc-editor.org/rfc/rfc6790#section-5.2

This attribute is deprecated, but that does not prevent routers from originating it or passing it on.

Kind Regards,
Jakob

----------------- Original message --------------
From: Mike Lyon <mike.lyon () gmail com <mailto:mike.lyon () gmail com>>
To: NANOG list <nanog () nanog org <mailto:nanog () nanog org>>

Ran across this article today and haven't seen posts about it so i figured I would share:

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling?fbclid=IwAR13ePY43Vf3u4X8PDyCDT39DtyXczAKkv6CGXOQbcQv90Y3aIAmTkJxn7k_aem_Ad0hzj2Mh_WlbFZug-vGdlJJdXr2Xo0RFIsPwAU2GviPz6xZDib76YHwFuzU7E0_sJk&mibextid=Zxz2cZ

Curious if anyone on the list is running VyOS and has experienced any problems?

Cheers,
Mike

--
Mike Lyon
mike.lyon () gmail com <mailto:mike.lyon () gmail com>
http://www.linkedin.com/in/mlyon
-- Thank you, Steven
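
The three octets quoted in the thread ("E0 1C 00"), decoded with the path attribute layout from RFC 4271 section 4.3: flags optional, transitive and partial, type code 28, and a zero-length value, so the header is structurally complete. This is an added example, not part of any post in the thread; the function, class and constant names are hypothetical, and the second sample buffer is constructed.

```python
from dataclasses import dataclass

# Flag bits of the attribute flags octet (RFC 4271 section 4.3).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10


class TruncatedAttribute(ValueError):
    """Buffer ends before the header or the declared value does."""


@dataclass
class PathAttribute:
    flags: int
    type_code: int
    value: bytes
    consumed: int  # octets this attribute occupies in the buffer

    def has(self, bit: int) -> bool:
        return bool(self.flags & bit)


def parse_path_attribute(buf: bytes) -> PathAttribute:
    """Decode one attribute; the type code is not interpreted here."""
    if len(buf) < 3:
        raise TruncatedAttribute("need flags, type and a length octet")
    flags, type_code = buf[0], buf[1]
    if flags & EXT_LEN:  # two-octet length
        if len(buf) < 4:
            raise TruncatedAttribute("extended length needs two octets")
        length, header = int.from_bytes(buf[2:4], "big"), 4
    else:  # one-octet length
        length, header = buf[2], 3
    if len(buf) < header + length:
        raise TruncatedAttribute("value shorter than declared length")
    return PathAttribute(flags, type_code, buf[header:header + length], header + length)


def parse_attributes(buf: bytes) -> list[PathAttribute]:
    """Walk a run of attributes back to back, unknown type codes included."""
    out, offset = [], 0
    while offset < len(buf):
        attr = parse_path_attribute(buf[offset:])
        out.append(attr)
        offset += attr.consumed
    return out


THREAD_DUMP = bytes.fromhex("E01C00")          # hex dump quoted in the thread
CONSTRUCTED = bytes.fromhex("40010100E01C00")  # constructed: ORIGIN, then the dump

if __name__ == "__main__":
    for a in parse_attributes(CONSTRUCTED):
        print(a.type_code, hex(a.flags), a.value.hex() or "(empty)", a.consumed)
```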