Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Exploit

  • From: Patrick W.Gilmore
  • Date: Thu May 06 07:28:52 2004

On May 5, 2004, at 7:31 PM, Christopher L. Morrow wrote:

On Wed, 5 May 2004, Patrick W.Gilmore wrote:

On May 5, 2004, at 2:39 PM, Smith, Donald wrote:

No. The router stays up. The tool I use is very fast. It floods the
GIGE
to the point that that interface is basically unusable but the router
itself stays up only the session is torn down. I did preformed these
tests in a lab and did
not have full bgp routing tables etc ... so your mileage may vary.
That is DAMNED impressive.  I've never seen a router which can take a
Gigabit of traffic to its CPU and stay up.  What kind of router was
this?  You mentioned Juniper and Cisco before, but I know a cisco will
fall over long before a gigabit and a Juniper either does or drops
packets destined for the CPU (but keeps routing).
recieve-path acl and recieve-path-limits perhaps on a cisco will allow
survival? Though if this is 'bgp' from a valid peer it seems likely to
crunch it either way.
Does this mean you think a cisco would survive a gigabit of traffic from a "valid" peer directed at the CPU? I admit I have not tested this, but past experience with similar things would imply _any_ router cisco makes would fall over in such a situation - at best just wedging and not doing anything (pass packets, SMNP, SSH, etc.), and perhaps rebooting, depending upon IOS / model.


Perhaps it was rate limiting the # of packets which reached the CPU,
and the session stayed up because the "magic" packet was dropped in the
rate limiting?

That sees likely.
Agreed. Which makes the test ... not 100% valid.

Hrmmm.... I wonder how many miscreants tried the MD5 thing and just sent 100K pps to the router to reset a session really fast, then failed 'cause most of their packets were dropped?

--
TTFN,
patrick





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.