[69935] in North American Network Operators' Group


RE: tcp bgp vulnerability looking glass and route server issues.

daemon@ATHENA.MIT.EDU (David Luyer)
Wed Apr 21 20:11:18 2004

From: "David Luyer" <david@luyer.net>
To: <nanog@merit.edu>
Date: Thu, 22 Apr 2004 10:10:17 +1000
In-Reply-To: <F601CBBB9ADC134D85D0D5A0A0998E56A3B118@webmail.equinix.com>
Errors-To: owner-nanog-outgoing@merit.edu


Lane Patterson wrote:
> While I agree that publicly open route-views routers should not allow
> display of "sho ip bgp nei" information, this is only giving away 4-tuple
> info regarding non-production BGP sessions, right?  So folks could
> potentially flap the route-views sessions, but this will not affect any
> production routing in the data path.
>
> If any folks are allowing "sho ip bgp nei" via looking glass interface to
> a production router, then yes, that is a problem.  I haven't seen any.

I've seen direct looking glasses into IX routers, into SP production routers
and to routers which peer with major routers - where you could consider
that resetting the session frequently could start having CPU impact on
the router connected to the route server.

They're all potentially impacting problems.

Also, if checking if you have a problem, make sure you don't permit:

   sh ip bgp nei
   sh ip bgp nei x.x.x.x
   sh tcp

David.
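
The thread writes the same command as both "sho ip bgp nei" and "sh ip bgp nei", which is why a looking glass front end has to match the way the CLI does (any keyword prefix) rather than compare strings. The following is an added example, not part of the original post: it contrasts an exact-string denylist with an allowlist that canonicalizes input; the allowlist contents and all function names are assumptions.

```python
import ipaddress

# Two of the forms named in the post, as a naive exact-string denylist.
NAIVE_DENY = {"sh ip bgp nei", "sh tcp"}

def naive_permits(cmd):
    """Weak check: exact-string denylist, bypassed by any other abbreviation."""
    return " ".join(cmd.split()).lower() not in NAIVE_DENY

# Hypothetical allowlist for a looking glass (assumption, not from the post).
# "<net>" and "<host>" are argument slots; everything else is a full keyword.
ALLOWED = [
    ("show", "ip", "bgp", "summary"),
    ("show", "ip", "bgp", "<net>"),
    ("ping", "<host>"),
    ("traceroute", "<host>"),
]

def _match(token, slot):
    """Return the canonical text for this slot, or None if it does not fit."""
    try:
        if slot == "<host>":
            return str(ipaddress.IPv4Address(token))
        if slot == "<net>":
            return str(ipaddress.IPv4Network(token, strict=False))
    except ValueError:
        return None
    # Keyword slot: the CLI accepts any prefix, so compare the same way.
    ok = token.isalpha() and slot.startswith(token.lower())
    return slot if ok else None

def canonicalize(cmd):
    """Return the full allowlisted command to send to the router, or None."""
    tokens = cmd.split()
    for pattern in ALLOWED:
        if len(tokens) != len(pattern):
            continue
        parts = [_match(t, s) for t, s in zip(tokens, pattern)]
        if all(parts):
            return " ".join(parts)
    return None
```

Only the string returned by `canonicalize` is passed to the router, never the submitted text, so neighbor and TCP session displays are refused however they are abbreviated.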

