North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: BGP Exploit
No. The router stays up. The tool I use is very fast. It floods the GIGE to the point that that interface is basically unusable but the router itself stays up only the session is torn down. I did preformed these tests in a lab and did not have full bgp routing tables etc ... so your mileage may vary. [email protected] GCIA http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC kill -13 111.2 > -----Original Message----- > From: Stephen J. Wilcox [mailto:[email protected]] > Sent: Wednesday, May 05, 2004 10:16 AM > To: Smith, Donald > Cc: Steven M. Bellovin; Kurt Erik Lindqvist; > [email protected]; [email protected] > Subject: RE: BGP Exploit > > > Of more interest.. does the router die (cpu load) before you > brute force the > sessions down > > Steve > > On Tue, 4 May 2004, Smith, Donald wrote: > > > > > I have seen 3 pubic ally available tools that ALL work. > > I have seen 2 privately tools that work. > > A traffic generator can be configured to successfully tear down bgp > > sessions. > > > > Given src/dst ip and ports : > > I tested with a cross platform EBGP peering with md5 using > several of > > the tools I could not tear down the sessions. I tested both > Cisco and > > juniper BGP peering after code upgrades without md5 I > could not tear > > down the sessions. > > > > > > [email protected] GCIA > > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC > > pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 > AF00 EDCC kill > > -13 111.2 > > > > > -----Original Message----- > > > From: [email protected] [mailto:[email protected]] On > > > Behalf Of Steven M. Bellovin > > > Sent: Tuesday, May 04, 2004 11:54 AM > > > To: Kurt Erik Lindqvist > > > Cc: [email protected]; [email protected] > > > Subject: Re: BGP Exploit > > > > > > > > > > > > > > > In message > > > <[email protected]>, Kurt > > > Erik Lindq vist writes: > > > > > > >> > > > >> Now that the firestorm over implementing Md5 has quieted > > > down a bit, > > > >> is anybody aware of whether the exploit has been used? > > > Feel free to > > > >> reply off list. > > > > > > > >Even more interesting, did anyone manage to reproduce it? > > > > > > > > > > I don't know if it's being used; I know that reimplementations of > > > the > > > idea are out there. > > > > > > > > > --Steve Bellovin, http://www.research.att.com/~smb > > > > > > > > > > > > >
|