[69890] in North American Network Operators' Group
Re: TCP/BGP vulnerability - easier than you think
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Wed Apr 21 07:24:47 2004
Date: Wed, 21 Apr 2004 13:23:54 +0200 (CEST)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Daniel Roesen <dr@cluenet.de>
Cc: <nanog@merit.edu>
In-Reply-To: <20040421131951.A20340@homebase.cluenet.de>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 21 Apr 2004, Daniel Roesen wrote:
> > access-list 123 deny tcp any any eq bgp rst log-input
> > access-list 123 deny tcp any eq bgp any rst log-input
> > Unfortunately, not all vendors are able to look at the RST bit when
> > filtering...
> The general ignorance to the fact that SYN works as well is
> astonishing. :-)
What are you talking about?
