[70214] in North American Network Operators' Group
RE: BGP Exploit
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Wed May 5 12:17:04 2004
Date: Wed, 5 May 2004 18:15:58 +0200 (CEST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: "Smith, Donald" <Donald.Smith@qwest.com>
Cc: "Steven M. Bellovin" <smb@research.att.com>,
Kurt Erik Lindqvist <kurtis@kurtis.pp.se>,
<kwallace@pcconnection.com>, <nanog@merit.edu>
In-Reply-To: <2D00AD0E4D36D411BD300008C786E42412B26550@denntex021.ad.qintra.com>
Errors-To: owner-nanog-outgoing@merit.edu
Of more interest.. does the router die (cpu load) before you brute force the
sessions down
Steve
On Tue, 4 May 2004, Smith, Donald wrote:
>
> I have seen 3 pubic ally available tools that ALL work.
> I have seen 2 privately tools that work.
> A traffic generator can be configured to successfully tear down bgp
> sessions.
>
> Given src/dst ip and ports :
> I tested with a cross platform EBGP peering with md5 using several of
> the tools I could not tear down the sessions.
> I tested both Cisco and juniper BGP peering after code upgrades without
> md5 I could not tear down the sessions.
>
>
> Donald.Smith@qwest.com GCIA
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
> pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
> kill -13 111.2
>
> > -----Original Message-----
> > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
> > Behalf Of Steven M. Bellovin
> > Sent: Tuesday, May 04, 2004 11:54 AM
> > To: Kurt Erik Lindqvist
> > Cc: kwallace@pcconnection.com; nanog@merit.edu
> > Subject: Re: BGP Exploit
> >
> >
> >
> >
> > In message
> > <C4E8C22A-9DA6-11D8-B28B-000A95928574@kurtis.pp.se>, Kurt
> > Erik Lindq vist writes:
> >
> > >>
> > >> Now that the firestorm over implementing Md5 has quieted
> > down a bit,
> > >> is anybody aware of whether the exploit has been used?
> > Feel free to
> > >> reply off list.
> > >
> > >Even more interesting, did anyone manage to reproduce it?
> > >
> >
> > I don't know if it's being used; I know that reimplementations of the
> > idea are out there.
> >
> >
> > --Steve Bellovin, http://www.research.att.com/~smb
> >
> >
> >
>
