[69819] in North American Network Operators' Group
Re: TCP RST attack (the cause of all that MD5-o-rama)
daemon@ATHENA.MIT.EDU (Crist Clark)
Tue Apr 20 16:57:03 2004
Date: Tue, 20 Apr 2004 13:44:58 -0700
From: Crist Clark <crist.clark@globalstar.com>
In-reply-to: <4C1EBDF5-9302-11D8-B101-000A9578BB58@ianai.net>
To: "Patrick W.Gilmore" <patrick@ianai.net>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Patrick W.Gilmore wrote:
>
> On Apr 20, 2004, at 3:24 PM, Stephen J. Wilcox wrote:
>
>> On Tue, 20 Apr 2004, James wrote:
>>
>>> i can see this 'attack' operational against a multihop bgp session
>>> that's not md5'd.
>>>
>>> now the question is... would this also affect single-hop bgp sessions?
>>> my understanding would be no, as single-hops require ttl set to 1.
>>
>>
>> you can engineer packets to make sure they have the right ttl when
>> they arrive,
>> ie if you're 10 hops away, set ttl to 10 and it will be 1 on arrival :)
>
>
> Not if you use the TTL hack.
>
> Seems like that would be much more useful, and less CPU intensive, and
> less prone to user error, etc., etc. than MD5
But it has limited effectiveness for multi-hop sessions. There is the
appeal of a solution that does not depend on the physical layout of the
BGP peers.
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
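The two TTL policies argued over above, modelled as an added example that is not code from the thread or from any router vendor: a check that expects TTL 1 on arrival versus the GTSM "TTL hack" (RFC 3682, later RFC 5082), which has the peer send with TTL 255 and rejects anything that has crossed more routers than the session spans. The hop distances, policy names and the convention that `routers_between` is 0 for a directly connected peer are assumptions made for the illustration.

```python
# Added example (not from the thread): why the GTSM "TTL hack" blocks spoofed
# TCP segments from distant hosts while a TTL==1 expectation does not, and
# why its protection radius grows with the multihop distance it must allow.
MAX_TTL = 255  # IPv4 TTL is an 8-bit field; a sender can never start higher


def ttl_on_arrival(initial_ttl: int, routers_between: int):
    """TTL the receiver sees after each intermediate router decrements it.
    routers_between == 0 models a directly connected (single-hop) peer.
    Returns None when the packet is discarded in transit (TTL reaches 0)."""
    if not 1 <= initial_ttl <= MAX_TTL:
        raise ValueError("IPv4 TTL must be 1..255")
    ttl = initial_ttl - routers_between
    return ttl if ttl >= 1 else None


def accept_ttl_equals_one(arrival_ttl: int) -> bool:
    """The intuition questioned in the thread: 'single-hop sessions use TTL 1'."""
    return arrival_ttl == 1


def gtsm_policy(expected_routers: int):
    """GTSM: the peer sends with TTL 255; accept only if the segment crossed
    no more routers than the session legitimately spans (0 for single-hop)."""
    threshold = MAX_TTL - expected_routers

    def accept(arrival_ttl: int) -> bool:
        return arrival_ttl >= threshold
    return accept


def reachable_distances(accept, max_routers: int = 30) -> list:
    """Distances (in routers) from which *some* choice of initial TTL makes
    the receiver's filter accept the segment. A sender controls only the
    initial TTL; the per-router decrement is outside its control."""
    out = []
    for routers in range(max_routers + 1):
        for initial in range(1, MAX_TTL + 1):
            arrived = ttl_on_arrival(initial, routers)
            if arrived is not None and accept(arrived):
                out.append(routers)
                break
    return out


if __name__ == "__main__":
    print("TTL==1 check accepts from:", reachable_distances(accept_ttl_equals_one))
    print("GTSM single-hop accepts from:", reachable_distances(gtsm_policy(0)))
    print("GTSM 3-router multihop accepts from:", reachable_distances(gtsm_policy(3)))
```

With the TTL==1 expectation every distance passes (the sender just starts at routers+1), GTSM for a directly connected peer passes only distance 0, and a 3-router multihop GTSM policy passes distances 0 to 3, which is the limited multi-hop effectiveness the reply above points out.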