On Sat, 17 April 2004 11:21:24 +0200, Fredy Kuenzler wrote: > >Is it a problem in BGP standard itself or a problem of the currently > >available implementations from the vendors? What is the effect of > >the hole, will it make sessions flap or does it allow to inject bogus > >routing information into BGP? > > Noone obviously seems to know yet, except some people of Cisco, Juniper > etc. I just can quote again the following:
Take the reply mail... (well, quoting parts of it) ---> From: Adam Rothschild <[EMAIL PROTECTED]> [..] Correct. All of which takes a non-trivial amount of time, and generates a non-trivial amount of packets, to execute. Unless, of course, there's some newly discovered weakness which makes the attacker's work easier, which remains to be seen. Some food for thought, coming from a Juniper running 6.2R1.5 in its default sysctl variables: % sysctl -a | grep -i portrange net.inet.ip.portrange.lowfirst: 1023 net.inet.ip.portrange.lowlast: 600 net.inet.ip.portrange.first: 1024 net.inet.ip.portrange.last: 5000 ^^^^ [..] ----- End forwarded message ----- Now think about it. A tcp issue, not a BGP issue. Should be pretty clear... So a threat, but you generally should take it easy unless you have eyeballs on your network and/or IRC servers or whatever attracts the revenge of the average script kiddie, trying to kick someone out of IRC or getting him out of some game or so. Take it serious, but no wrong hurry, please. My personal opinion only. Regards, Alexander, nearly done ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/