Hi, > > What if sessions were attacked without MD5 in place. We > would just see > > session resets. As these happen anyway frequently at > peering points is > > there > > any straightforward way to determine if the vulnerability > caused the > > reset? > > If you're referring to session resets because of a peer or user > action then something akin to "Last reset due to FOO" can likely > be gleaned from "show bgp neighbor" output, especially since BGP > performs "graceful shutdown" via notification messages under normal > conditions
I think what I'm trying to ask is: 1. Does anyone know if the exploit is actually being used? and 2. I assume there is no way to identify an exploit reset from the usual resets caused by routers hanging, ports failing, DDoS's, etc. However, I thought I'd ask... Kind regards, Mark