North American Network Operators Group
Re: BGP Exploit
- From: Patrick W.Gilmore
- Date: Thu May 06 07:28:52 2004
On May 5, 2004, at 7:31 PM, Christopher L. Morrow wrote:

> Does this mean you think a cisco would survive a gigabit of traffic
> from a "valid" peer directed at the CPU? I admit I have not tested
> this, but past experience with similar things would imply _any_ router
> cisco makes would fall over in such a situation - at best just wedging
> and not doing anything (pass packets, SNMP, SSH, etc.), and perhaps
> rebooting, depending upon IOS / model.
>
> On Wed, 5 May 2004, Patrick W.Gilmore wrote:
>
> > On May 5, 2004, at 2:39 PM, Smith, Donald wrote:
> >
> > > No. The router stays up. The tool I use is very fast. It floods the
> > > interface to the point that the interface is basically unusable, but
> > > the router itself stays up; only the session is torn down. I did
> > > perform these tests in a lab and did not have full bgp routing
> > > tables etc. ... so your mileage may vary.
> >
> > That is DAMNED impressive. I've never seen a router which can take a
> > Gigabit of traffic to its CPU and stay up. What kind of router was
> > this? You mentioned Juniper and Cisco before, but I know a cisco will
> > fall over long before a gigabit and a Juniper either does or drops
> > packets destined for the CPU (but keeps routing).
>
> receive-path acl and receive-path-limits perhaps on a cisco will allow
> survival? Though if this is 'bgp' from a valid peer it seems likely to
> crunch it either way.

Agreed. Which makes the test ... not 100% valid.

> Perhaps it was rate limiting the # of packets which reached the CPU,
> and the session stayed up because the "magic" packet was dropped in

That seems likely.

Hrmmm.... I wonder how many miscreants tried the MD5 thing and just
sent 100K pps to the router to reset a session really fast, then failed
'cause most of their packets were dropped?
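The "MD5 thing" in the message above is the TCP MD5 signature option (RFC 2385) that operators were turning on for BGP sessions at the time. The following is an added example, not code from this thread or from any router vendor, showing why a spoofed RST fails even when the attacker has the right 4-tuple and an in-window sequence number: the digest covers the IP pseudo-header, the fixed TCP header with the checksum zeroed, the payload and a shared key, and a receiver on an MD5-protected session silently drops any segment whose option is absent or does not verify. The addresses, ports, sequence numbers, key and BGP message below are all constructed test values.

```python
"""
RFC 2385 TCP MD5 signature option as used to protect BGP sessions from
spoofed resets. Added example; not code from the NANOG thread or from
any vendor. All session parameters below are constructed.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

TCP_PROTO = 6
FLAG_RST, FLAG_PSH, FLAG_ACK = 0x04, 0x08, 0x10
OPTION_LEN = 20  # kind 19, length 18, 16-byte digest, padded with two NOPs

# Constructed session: RFC 5737 documentation addresses, made-up key.
PEER_A, PEER_B, BGP_PORT = "192.0.2.1", "192.0.2.2", 179
SHARED_KEY = b"constructed-example-key"


def tcp_header(sport, dport, seq, ack, flags, window=65535, with_option=True):
    """Fixed 20-byte TCP header with checksum zero. The data offset counts
    the MD5 option when present, exactly as it would on the wire."""
    data_offset = 5 + (OPTION_LEN // 4 if with_option else 0)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (data_offset << 12) | flags, window, 0, 0)


def tcp_md5_signature(src_ip, dst_ip, header, payload, key):
    """RFC 2385 section 2: MD5 over the pseudo-header, the TCP header
    excluding options (checksum zeroed), the segment data, and the key."""
    data_offset = (struct.unpack("!H", header[12:14])[0] >> 12) * 4
    seg_len = data_offset + len(payload)  # real segment length, options included
    pseudo = struct.pack("!4s4sBBH", IPv4Address(src_ip).packed,
                         IPv4Address(dst_ip).packed, 0, TCP_PROTO, seg_len)
    fixed = header[:16] + b"\x00\x00" + header[18:]  # zero the checksum field
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def sign_segment(src_ip, dst_ip, header, payload, key):
    """Sender side: the 16-byte option value placed in the segment."""
    return tcp_md5_signature(src_ip, dst_ip, header, payload, key)


def receiver_accepts(src_ip, dst_ip, header, payload, option, key):
    """Receiver side on an MD5-protected session: a segment with no option,
    or with a digest that does not match, is silently discarded."""
    if option is None or len(option) != 16:
        return False
    expected = tcp_md5_signature(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(expected, option)


def bgp_keepalive():
    """BGP KEEPALIVE: 16-byte all-ones marker, length 19, type 4."""
    return b"\xff" * 16 + struct.pack("!HB", 19, 4)


def scenario():
    """Returns (legit keepalive accepted, bare spoofed RST accepted,
    spoofed RST signed with a guessed key accepted, real peer's RST accepted)."""
    seq, ack = 0x10000000, 0x20000000  # constructed, assumed in-window

    # Legitimate keepalive from peer A, signed with the shared key.
    hdr = tcp_header(BGP_PORT, BGP_PORT, seq, ack, FLAG_PSH | FLAG_ACK)
    body = bgp_keepalive()
    sig = sign_segment(PEER_A, PEER_B, hdr, body, SHARED_KEY)
    keepalive_ok = receiver_accepts(PEER_A, PEER_B, hdr, body, sig, SHARED_KEY)

    # Attacker spoofs A's address and an in-window RST but sends no option.
    bare = tcp_header(BGP_PORT, BGP_PORT, seq, ack, FLAG_RST, with_option=False)
    bare_rst_ok = receiver_accepts(PEER_A, PEER_B, bare, b"", None, SHARED_KEY)

    # Attacker attaches an option computed with a guessed key.
    rst = tcp_header(BGP_PORT, BGP_PORT, seq, ack, FLAG_RST)
    guessed = sign_segment(PEER_A, PEER_B, rst, b"", b"wrong-key")
    guessed_rst_ok = receiver_accepts(PEER_A, PEER_B, rst, b"", guessed, SHARED_KEY)

    # The real peer, which holds the key, can still reset the session.
    real = sign_segment(PEER_A, PEER_B, rst, b"", SHARED_KEY)
    real_rst_ok = receiver_accepts(PEER_A, PEER_B, rst, b"", real, SHARED_KEY)
    return keepalive_ok, bare_rst_ok, guessed_rst_ok, real_rst_ok


if __name__ == "__main__":
    print(scenario())  # (True, False, False, True)
```

Because the digest is bound to the addresses, ports, sequence and acknowledgement numbers and flags, an attacker cannot reuse a captured option value on a different segment either; the only route left is guessing the key. Note the cost that the thread is circling around: every segment on an MD5-protected session, spoofed or not, makes the receiver compute a digest before it can discard it, so a flood of bogus BGP segments at the CPU is a load problem even when none of them verifies.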