[70185] in North American Network Operators' Group
RE: BGP Exploit
daemon@ATHENA.MIT.EDU (Smith, Donald)
Tue May 4 14:25:05 2004
Date: Tue, 4 May 2004 12:24:17 -0600
From: "Smith, Donald" <Donald.Smith@qwest.com>
To: "Steven M. Bellovin" <smb@research.att.com>,
"Kurt Erik Lindqvist" <kurtis@kurtis.pp.se>
Cc: <kwallace@pcconnection.com>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
I have seen 3 pubic ally available tools that ALL work.
I have seen 2 privately tools that work.
A traffic generator can be configured to successfully tear down bgp
sessions.
Given src/dst ip and ports :
I tested with a cross platform EBGP peering with md5 using several of
the tools I could not tear down the sessions.
I tested both Cisco and juniper BGP peering after code upgrades without
md5 I could not tear down the sessions.
Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2=20
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On=20
> Behalf Of Steven M. Bellovin
> Sent: Tuesday, May 04, 2004 11:54 AM
> To: Kurt Erik Lindqvist
> Cc: kwallace@pcconnection.com; nanog@merit.edu
> Subject: Re: BGP Exploit=20
>=20
>=20
>=20
>=20
> In message=20
> <C4E8C22A-9DA6-11D8-B28B-000A95928574@kurtis.pp.se>, Kurt=20
> Erik Lindq vist writes:
>=20
> >>
> >> Now that the firestorm over implementing Md5 has quieted=20
> down a bit,=20
> >> is anybody aware of whether the exploit has been used?=20
> Feel free to=20
> >> reply off list.
> >
> >Even more interesting, did anyone manage to reproduce it?
> >
>=20
> I don't know if it's being used; I know that reimplementations of the=20
> idea are out there.
>=20
>=20
> --Steve Bellovin, http://www.research.att.com/~smb
>=20
>=20
>=20
