Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: NAP/ISP Saturation WAS: Re: Exchanges that matter...

  • From: Ophir Ronen
  • Date: Fri Dec 20 17:44:01 1996

On Fri, 20 Dec 1996, Alex.Bligh wrote:

> 
> > I think that there's some lack of clarity on the problem here.  Anyone can
> > stream packets at ANY router and take it down.  If it's not ICMP, you can
> > simply forge routing protocol packets.  It's a question of simply
> > supersaturating the system.  To truly deal with DoS attacks, there are
> > basically three approaches:
> 
> Indeed. For instance SYN-flood the BGP port.

	Correct me if I'm wrong but to the best of my recollection, in
order for a packet to be accepted on the BGP port, it must be originating
from a configured BGP peer. Since the SYN flood method relies on the
attack originating from an unreachable (yet routable) address, it would
seem that this approach will fail. 

rfc-1771:

If the local system detects that a remote peer is trying to
establish BGP connection to it, and the IP address of the
remote peer is not an expected one, the local system restarts
the ConnectRetry timer, rejects the attempted connection,
continues to listen for a connection that may be initiated by
the remote BGP peer, and stays in the Active state.



-Ophir



- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.