On Sat, 17 April 2004 11:21:24 +0200, Fredy Kuenzler wrote:
> >Is it a problem in BGP standard itself or a problem of the currently
> >available implementations from the vendors? What is the effect of
> >the hole, will it make sessions flap or does it allow to inject bogus
> >routing information into BGP?
>
> Noone obviously seems to know yet, except some people of Cisco, Juniper
> etc. I just can quote again the following:
Take the reply mail... (well, quoting parts of it)
--->
From: Adam Rothschild <[EMAIL PROTECTED]>
[..]
Correct. All of which takes a non-trivial amount of time, and
generates a non-trivial amount of packets, to execute. Unless, of
course, there's some newly discovered weakness which makes the
attacker's work easier, which remains to be seen.
Some food for thought, coming from a Juniper running 6.2R1.5 in its
default sysctl variables:
% sysctl -a | grep -i portrange
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
^^^^
[..]
----- End forwarded message -----
Now think about it. A tcp issue, not a BGP issue. Should
be pretty clear...
So a threat, but you generally should take it easy unless
you have eyeballs on your network and/or IRC servers or
whatever attracts the revenge of the average script kiddie,
trying to kick someone out of IRC or getting him out of some
game or so. Take it serious, but no wrong hurry, please. My
personal opinion only.
Regards,
Alexander,
nearly done
----------------------------------------------
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/
