John Fraizer author of MRLG one of the looking glass implementations
has updated his code to fix a flaw that provided too much information.
MRLG-4.3.0 is available at:
Available here:
ftp://ftp.enterzone.net/looking-glass/CURRENT/
Some route servers also provide too much info.
This audit was pe
esday, April 20, 2004 1:38 PM
> To: [EMAIL PROTECTED]
> Subject: tcp bgp vulnerability looking glass and route server issues.
> Sensitivity: Private
>
>
>
> John Fraizer author of MRLG one of the looking glass implementations
> has updated his code to fix a flaw that provi
PROTECTED] On Behalf Of
Lane Patterson
Sent: Wednesday, April 21, 2004 4:22 PM
To: Smith, Donald; [EMAIL PROTECTED]
Subject: RE: tcp bgp vulnerability looking glass and route server
issues.
Sensitivity: Private
While I agree that publicly open route-views routers should not allow
display of "
Lane Patterson wrote:
> While I agree that publicly open route-views routers should not allow
> display of "sho ip bgp nei" information, this is only giving away 4-tuple
> info regarding non-production BGP sessions, right? So folks could
> potentially flap the route-views sessions, but this will
On Wed, Apr 21, 2004 at 04:21:51PM -0700, Lane Patterson <[EMAIL PROTECTED]> wrote:
> While I agree that publicly open route-views routers should not allow
> display of "sho ip bgp nei" information, this is only giving away 4-tuple
> info regarding non-production BGP sessions, right? So folks co
riginal Message-
> From: Smith, Donald [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 20, 2004 1:38 PM
> To: [EMAIL PROTECTED]
> Subject: tcp bgp vulnerability looking glass and route server issues.
> Sensitivity: Private
>
>
>
> John Fraizer author of MRLG one of th