[nsp] bgp vulnerability, just note
jlewis at lewis.org
Thu Apr 22 15:46:39 EDT 2004
On Thu, 22 Apr 2004, Stephen J. Wilcox wrote:
> But you can do it on loopbacks too, most networks allocate loopbacks/link
> addresses etc from pre-reserved blocks, so find one and you can guess the rest
> (a traceroute will confirm it). As to how to find it, look for the IP blocks
> labelled as infrastructure, and/or go for the lowest/highest /24s in their
> allocation, and/or do some rdns lookups which are usually very informative
>
> Also, if the provider has a looking glass, just sh ip bgp sum and you
> should get a complete list of all the ibgp peers...
Also, some NSPs run LG web interfaces that appear to be able to connect to
many (all?) of their routers, and a show ip bg a.b.c.d on the right router
will give you the loopback IP the announcement came from if a "secret
loopback IP" was used in ebgp instead of the customer<->provider interface
IP to try making the IP harder to guess.
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
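
One way an operator could limit what a looking glass reveals in the two cases described above, as an added example that is not part of the original post: accept only per-prefix lookups (so the peer summary is never run) and mask addresses from infrastructure blocks in the returned text. The block list, the allow-list pattern and the sample output are constructed assumptions.

```python
import ipaddress
import re

# Assumed infrastructure ranges (constructed; RFC 5737 documentation space).
INFRA_BLOCKS = [ipaddress.ip_network("192.0.2.0/24")]

# Hypothetical allow-list: per-prefix lookups only, never the peer summary.
ALLOWED = re.compile(r"show ip bgp (\d{1,3}(?:\.\d{1,3}){3})")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def command_allowed(cmd: str) -> bool:
    """Accept only 'show ip bgp a.b.c.d' with a valid IPv4 address."""
    m = ALLOWED.fullmatch(cmd.strip())
    if not m:
        return False
    try:
        ipaddress.ip_address(m.group(1))
    except ValueError:
        return False
    return True


def _mask(match: re.Match) -> str:
    text = match.group(0)
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text  # not a real address (e.g. 999.1.1.1), leave untouched
    return "x.x.x.x" if any(addr in n for n in INFRA_BLOCKS) else text


def redact(output: str) -> str:
    """Replace every address inside INFRA_BLOCKS before output is shown."""
    return IPV4.sub(_mask, output)


# Constructed sample in the general shape of a router's BGP path detail.
SAMPLE = """BGP routing table entry for 198.51.100.0/24
  64500
    192.0.2.17 from 192.0.2.17 (192.0.2.17)
      Origin IGP, metric 0, localpref 100, valid, internal, best
"""

if __name__ == "__main__":
    print(redact(SAMPLE))
```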