On Thu, 9 Sep 1999, Sean Butler wrote:
>
> > >
> > > If I recall, there was a TCP CONNECT crash bug not fixed until 26CC...
> > > That means a telnet to the box, or a bgp session, could crash the box.
> > > We never got a real idea of how prevalent it was though...
> > >
> >
> > That is what access lists are for. :)
> >
>
> Hmm, I think on a telnet, the TCP connect would come in before the ACLs
> are hit.... For BGP sessions, those require TCP connects, and you can't
> really stop them! But if you haven't hit a router crash due to this
> already, and you've been running the code for a while, I wouldn't worry
> about it.

Access lists (like deny ip any <router IPs>) come in before our router
accepts anything telnetwise in my experience.

We can control which MAC addresses we talk to (BGPwise), if one of our
direct peers is trying to crash our router, or even probe it, they won't
stay peers for very long. :)

Thanks for the insight,

Deepak Jain
AiNET

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:05 EDT