Home page logo

nanog logo nanog mailing list archives

Re: What Worked - What Didn't
From: Jeff Aitken <jaitken () aitken com>
Date: Mon, 17 Sep 2001 18:22:40 -0400

On Mon, Sep 17, 2001 at 02:32:56PM -0700, Roeland Meyer wrote:
Why, IGP shouldn't even be visible from outside the border, neh? Internal
issues are, internal issues. If it leaks, plug the leak.

Randy said _think_ about it.  Does your IGP run over IP?  Might
that be a vector?  Might your customers have the ability to do
things that non-customers cannot?  Does your architecture require
you to mark all customer-facing interfaces as "passive"?  Do you
verify regularly that you don't have a misconfiguration in this
area?  Are you vulnerable to arp games at your point of customer-attach?
Do you have SNMP access to your routers carefully filtered?  Are
you running multicast?  Are there bugs that affect only multicast
routing?  Are you running code that is vulnerable to those bugs?
I'm sure there are other avenues of attack, but these are just a
few that we've considered here.

If I can compromise your IGP I have a very good chance of being
able to melt down your entire network, or at least large portions
of it, almost at will.  In large networks, IGPs tend to go absolutely
haywire when they fail and the resulting implosion often obliterates
most traces of the event that started it -- at the very least, one
has to sift through mountains of log data to find the beginning of
the end.  Having been through this once, and working with folks
who went through it elsewhere on even larger networks, I assure
you that recovery time from such an event can stretch from several
hours to a few days.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]