[c-nsp] Research experiment disrupts Internet, for some

Gabriel jarod125 at gmail.com
Mon Aug 30 17:42:24 EDT 2010


See Tassos' (very detailed) explanation:
http://ccie-in-3-months.blogspot.com/2010/08/decoding-ripe-experiment.html

On Tue, Aug 31, 2010 at 12:04 AM, Keegan Holley
<keegan.holley at sungard.com> wrote:
> Is anyone else curious as to what fields/attributes they were using?  Also,
> what other vendors are or aren't affected.  I think the response to this
> event has been remarkably limited given the possibility for its use as an
> attack.  If this were Windows or Linux there would have been full disclosure
> with example exploit code by now.  Everyone seems to be content just
> upgrading their quarter million dollar routers and hoping for the best.
>
> 2010/8/30 Antonio Soares <amsoares at netcabo.pt>
>
>> Now that I have more information I can tell you that you are 100% correct.
>> So let's upgrade the IOS-XR devices first then those running IOS. I'm
>> curious to see if the IOS issue is a known or new bug.
>>
>>
>> Regards,
>>
>> Antonio Soares, CCIE #18473 (R&S/SP)
>> amsoares at netcabo.pt
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lukasz Bromirski
>> Sent: Monday, 30 August 2010 00:18
>> To: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] Research experiment disrupts Internet, for some
>>
>> On 2010-08-29 19:59, Jared Mauch wrote:
>>
>> > IOS-XR had a bug processing valid bgp updates.  This has happened
>> > in the past as well with 4-byte ASNs and other things over the
>> > years.
>>
>> [...]
>>
>> > If the software is old, they likely saw a bug.  If you don't
>> > maintain your BGP speaking devices software revisions, you will
>> > likely see problems.
>>
>> What's most probable IMHO is that the GSR dropped the session to
>> BGP-speaker which was indeed IOS-XR box, then dCEF ran out of
>> memory on the LCs (for example because of memory fragmentation or
>> some bug indeed) and the issue happened.
>>
>> This is of course based on incomplete data - if there was any
>> session directly established to IOS-XR box for starters.
>>
>> --
>> "Everything will be okay in the end.  |                 Łukasz Bromirski
>>  If it's not okay, it's not the end." |      http://lukasz.bromirski.net
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/


