[nsp] bgp vulnerability

Majid Siddiq majid at pie.net.pk
Thu Apr 22 01:44:16 EDT 2004


Spoofed packets for BGP can be blocked if say someone add a feature in the
bgp implementation to check the TTL of 255. The directly connected neighbor
should source it with 255 TTL instead of 1. This should defeat the spoofed
packets sourced from more than one hop. 

Just a thought; maybe cisco can think on these lines.

Majid




More information about the cisco-nsp mailing list