Re: tcp md5 bgp attacks?

[joel jaeggli <joelja () bogus com>]

On 8/14/18 7:27 PM, Randy Bush wrote:
> < rathole >
> i am not much worried about a mesh which floods unicast.  can you even
> buy devices which support that any more?  a while back, i had to really
> dig in the closet to find one at 100mbps so i could shark mid-stream.
I'm not actually worried about it because it is rare, and not a feature,
that said, unicast flooding is in fact something we detect on exchanges
with a fair amount of frequency e.g. 2-3 a week across the exchanges
were we are present. That traffic gets discarded on our ingress but you
can count dport 179  packets in there that aren't yours. I certainly
wouldn't build a business model around gaining insight from that
information leakage (and the bulk of the traffic is whatever the
neighbor is exchanging, with someone else, from looking at mac's that
sort of thing tends to be one sided unless for example it's a whole switch).
> > I have thousands of establish connections that last a very long time
> > at public exchange points, so the threat of tcp rsts to sessions is
> > clearly not being realized.