[6588] in North American Network Operators' Group


Re: NAP/ISP Saturation WAS: Re: Exchanges that matter...

daemon@ATHENA.MIT.EDU (Tony Li)
Fri Dec 20 22:36:23 1996

Date: Fri, 20 Dec 1996 19:23:56 -0800 (PST)
From: Tony Li <tli@jnx.com>
To: ophir@internap.com
CC: amb@xara.net, tli@jnx.com, david@sparks.net, nanog@merit.edu
In-reply-to: <Pine.LNX.3.95.961220141352.23681D-100000@nereus.internap.com>
	(message from Ophir Ronen on Fri, 20 Dec 1996 14:38:00 -0800 (PST))


   > Indeed. For instance SYN-flood the BGP port.

	   Correct me if I'm wrong but to the best of my recollection, in
   order for a packet to be accepted on the BGP port, it must be originating
   from a configured BGP peer. Since the SYN flood method relies on the
   attack originating from an unreachable (yet routable) address, it would
   seem that this approach will fail. 

If you're out for a true DoS attack, it need not even be a SYN attack.
Simply flooding the BGP port would be quite enough to bring the system to
its knees.  Forge a known peer's source address, and even the CPU that it
burns testing for authentication and discarding packets would be enough to
be fatal.

The important point is that you can't distinguish the good from the bad
without a whole lot of work.

Tony




