[c-nsp] About the posting entitled "Heads up: "sh ip bgp regexp" crashing router"
Nicolas FISCHBACH
nicolist at securite.org
Fri Aug 17 17:01:04 EDT 2007
Dario Ciccarone (dciccaro) wrote:
>
> We have reports of some publicly available
> BGP looking glasses (which, as we all know, don't require
> credentials to login) being crashed due to this issue.
This is probably obvious too, you may crash a RS accessible via
telnet (which is usually not passing customer traffic) but in the
case of the LG server with larger providers you can usually pick
which router (usually key peering or core routers) to run the
command on from a drop down list and then possibly remotely crash it.
The LG script is just a Web<->telnet/SSH proxy faciliting the DoS
in this case... i.e. filter at that level, remove this command from
the allowed set in TACACS for the "virtual" user, etc.
Nico.
--
Nicolas FISCHBACH
Senior Manager - Network Engineering/Security - COLT Telecom
e:(nico at securite.org) w:<http://www.securite.org/nico/>
More information about the cisco-nsp
mailing list