[c-nsp] Research experiment disrupts Internet, for some

Keegan Holley keegan.holley at sungard.com
Mon Aug 30 17:04:55 EDT 2010


Is anyone else curious as to what fields/attributes they were using?  Also,
what other vendors are or aren't affected?  I think the response to this
event has been remarkably limited given the possibility for its use as an
attack.  If this were Windows or Linux there would have been full disclosure
with example exploit code by now.  Everyone seems to be content just
upgrading their quarter million dollar routers and hoping for the best.

2010/8/30 Antonio Soares <amsoares at netcabo.pt>

> Now that I have more information I can tell you that you are 100% correct.
> So let's upgrade the IOS-XR devices first then those running IOS. I'm
> curious to see if the IOS issue is a known or new bug.
>
>
> Regards,
>
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lukasz Bromirski
> Sent: Monday, 30 August 2010 00:18
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Research experiment disrupts Internet, for some
>
> On 2010-08-29 19:59, Jared Mauch wrote:
>
> > IOS-XR had a bug processing valid bgp updates.  This has happened
> > in the past as well with 4-byte ASNs and other things over the
> > years.
>
> [...]
>
> > If the software is old, they likely saw a bug.  If you don't
> > maintain your BGP speaking devices software revisions, you will
> > likely see problems.
>
> What's most probable IMHO is that the GSR dropped the session to
> BGP-speaker which was indeed IOS-XR box, then dCEF ran out of
> memory on the LCs (for example because of memory fragmentation or
> some bug indeed) and the issue happened.
>
> This is of course based on incomplete data - if there was any
> session directly established to IOS-XR box for starters.
>
> --
> "Everything will be okay in the end.  |                 Łukasz Bromirski
>  If it's not okay, it's not the end." |      http://lukasz.bromirski.net
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

