tcp bgp vulnerability looking glass and route server issues.

2004-04-20 Thread Smith, Donald
John Fraizer author of MRLG one of the looking glass implementations has updated his code to fix a flaw that provided too much information. MRLG-4.3.0 is available at: Available here: ftp://ftp.enterzone.net/looking-glass/CURRENT/ Some route servers also provide too much info. This audit was pe

RE: tcp bgp vulnerability looking glass and route server issues.

2004-04-21 Thread Lane Patterson
esday, April 20, 2004 1:38 PM > To: [EMAIL PROTECTED] > Subject: tcp bgp vulnerability looking glass and route server issues. > Sensitivity: Private > > > > John Fraizer author of MRLG one of the looking glass implementations > has updated his code to fix a flaw that provi

RE: tcp bgp vulnerability looking glass and route server issues.

2004-04-21 Thread Burton, Chris
PROTECTED] On Behalf Of Lane Patterson Sent: Wednesday, April 21, 2004 4:22 PM To: Smith, Donald; [EMAIL PROTECTED] Subject: RE: tcp bgp vulnerability looking glass and route server issues. Sensitivity: Private While I agree that publicly open route-views routers should not allow display of "

RE: tcp bgp vulnerability looking glass and route server issues.

2004-04-21 Thread David Luyer
Lane Patterson wrote: > While I agree that publicly open route-views routers should not allow > display of "sho ip bgp nei" information, this is only giving away 4-tuple > info regarding non-production BGP sessions, right? So folks could > potentially flap the route-views sessions, but this will

Re: tcp bgp vulnerability looking glass and route server issues.

2004-04-21 Thread Troy Davis
On Wed, Apr 21, 2004 at 04:21:51PM -0700, Lane Patterson <[EMAIL PROTECTED]> wrote: > While I agree that publicly open route-views routers should not allow > display of "sho ip bgp nei" information, this is only giving away 4-tuple > info regarding non-production BGP sessions, right? So folks co

RE: tcp bgp vulnerability looking glass and route server issues.

2004-04-21 Thread Smith, Donald
riginal Message- > From: Smith, Donald [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 20, 2004 1:38 PM > To: [EMAIL PROTECTED] > Subject: tcp bgp vulnerability looking glass and route server issues. > Sensitivity: Private > > > > John Fraizer author of MRLG one of th