Home page logo

dailydave logo Dailydave mailing list archives

Re: tubes clogged
From: Jess Kitchen <jess.kitchen () adjacentnetworks net>
Date: Mon, 29 Dec 2008 20:36:46 +0000 (GMT)

I'm thinking an attack that causes BGP peers (glue of the internet)
to go through a cascading flapping mechanism forcing them to
continuously dampen each other till they keep breaking adjacency
with each other.

In my experience one bad path being penalised actually affects all paths 
for a particular prefix available for consideration- this is one reason 
why flap dampening became unfashionable as it potentially does more harm 
than good.

I think your idea should only actually be applicable to multihop EBGP 
sessions, and even then I can't see how you would essentially flap the 
intermediate linknets to cause this (take a directly connected /30 or 
exchange point prefix- in many cases they aren't even carried in BGP as 
more specifics)

The legal angle mentioned in the vague descriptions I've seen suggest that 
a major vendor (vendors?) has been reversed or fuzzed to good effect - 
one-packet session teardown perhaps-  something to do with BFD?

Throw in GTSM and uRPF on most sensible networks too and the attack won't 
get to the control plane, so..

I'm interested, that's for sure ;)

Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]