mailing list archives
Re: tubes clogged
From: Jess Kitchen <jess.kitchen () adjacentnetworks net>
Date: Mon, 29 Dec 2008 20:36:46 +0000 (GMT)
I'm thinking an attack that causes BGP peers (glue of the internet)
to go through a cascading flapping mechanism forcing them to
continuously dampen each other till they keep breaking adjacency
with each other.
In my experience one bad path being penalised actually affects all paths
for a particular prefix available for consideration- this is one reason
why flap dampening became unfashionable as it potentially does more harm
I think your idea should only actually be applicable to multihop EBGP
sessions, and even then I can't see how you would essentially flap the
intermediate linknets to cause this (take a directly connected /30 or
exchange point prefix- in many cases they aren't even carried in BGP as
The legal angle mentioned in the vague descriptions I've seen suggest that
a major vendor (vendors?) has been reversed or fuzzed to good effect -
one-packet session teardown perhaps- something to do with BFD?
Throw in GTSM and uRPF on most sensible networks too and the attack won't
get to the control plane, so..
I'm interested, that's for sure ;)
Dailydave mailing list
Dailydave () lists immunitysec com
Re: tubes clogged Adrien Krunch Kunysz (Dec 30)