[196061] in North American Network Operators' Group
Re: AS PATH limits
daemon@ATHENA.MIT.EDU (Ken Chase)
Sat Sep 30 12:47:28 2017
X-Original-To: nanog@nanog.org
Date: Sat, 30 Sep 2017 12:47:26 -0400
From: Ken Chase <math@sizone.org>
To: Niels Raijer <niels@fusix.nl>
In-Reply-To: <250E7C00-8917-46AA-8581-C74933BE75B0@fusix.nl>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
I dont see that as the solution. Someone else will offend again.
However, I also don't see trusting major backbones as our filters (for many
other reasons). Our software should be handling what's effectively a buffer overflow
or equivalent (beware long paths that are actually shellcode).
Quagga among others seems to be subject to this bug, pre 0.99.23 or so
(.99.24+ seems ok). So upgrading is a solution.
There was also some chatter on the quagga mailing list on how it's more
pleasant to stab your eyeballs out rather than constructing extremely long
regexp's that might work as a filter.
https://lists.quagga.net/pipermail/quagga-users/2017-September/thread.html
/kc
On Sat, Sep 30, 2017 at 05:30:03PM +0200, Niels Raijer said:
>My message to NANOG about this from 12:31 UTC today is still in the moderation queue. I had opened a support case with Cogent before writing my message to NANOG and Cogent has let me know approximately 40 minutes ago that they have contacted their customer.
>
>Niels
>
>
>
>On 30 Sep 2017, at 17:09, sthaug@nethelp.no wrote:
>
>>> If you're on cogent, since 22:30 UTC yesterday or so this has been happening
>>> (or happened).
>>
>> Still happening here. I count 562 prepends (563 * 262197) in the
>> advertisement we receive from Cogent. I see no good reason why we
>> should accept that many prepends.
>>
>> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
>
--
Ken Chase - math@sizone.org Guelph Canada
