Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: "Cisco gate" - Payload Versus Vector

  • From: Randy Bush
  • Date: Tue Aug 02 17:50:17 2005

very helpful analysis.  some questions:

even without stiffling the heap check via crashing_already (i.e. a
'fix' is developed for that weakness), is the 30-60 second window
sufficient to do serious operational damage.  i.e. what could an
attacker do with a code injection with a mean life as short as
15-30 seconds?  that seems a bit short for a direct routing
injection of much worth.  but how about a damping attack (flap the
victim's route enough to cause everyone to damp them), or would
mrai stiffle that?  could it be used to cascade to a neighbor?  i
suppose that diverting the just the right 15-30 seconds of traffic
could be profitable.

secondly, is there reason not to believe that the attack vectors
might be at layer two, mpls, as well as layer three, ip?  i.e. the
"internet-free core" gambit does not reduce exposure to this one?

> The "bad guys" are discussing the issues and we should think long
> and hard before we muzzle the "good guys".

http://rip.psg.com/~randy/draft-ymbk-obscurity-00.txt is a bit old,
but seems relevant.

randy





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.