[70393] in North American Network Operators' Group
Re: BGP Exploit
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Thu May 13 08:17:44 2004
In-Reply-To: <71E4603E9370D51190A90080C82D91BB794D87@mail.office.avensys.net>
Cc: nanog@merit.edu
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Thu, 13 May 2004 14:16:32 +0200
To: Mark Johnson <mark@avensys.net>
Errors-To: owner-nanog-outgoing@merit.edu
On 13-mei-04, at 13:31, Mark Johnson wrote:
> I think what I'm trying to ask is:
> 1. Does anyone know if the exploit is actually being used? and
> 2. I assume there is no way to identify an exploit reset from the usual
> resets caused by routers hanging, ports failing, DDoS's, etc. However,
> I
> thought I'd ask...
This is from a couple of weeks, give or take, on an interface with 100
or so peers:
deny tcp any any eq bgp rst log-input (3714 matches)
If this is an attack I wish they were all like this. :-)
