[c-nsp] Research experiment disrupts Internet, for some

Peter Rathlev peter at rathlev.dk
Mon Aug 30 18:06:06 EDT 2010


On Mon, 2010-08-30 at 17:04 -0400, Keegan Holley wrote:
> Is anyone else curious as to what fields/attributes they were using?
> Also, what other vendors are or aren't affected.  I think the response
> to this even has been remarkably limited given the possibility for
> it's use as an attack.  If this were windows or linux there would have
> been full disclosure with example exploit code by now.  Everyone seems
> to be content just upgrading their quarter million dollar routers and
> hoping for the best.

According to an article in a local (in Denmark) online news site they
have avoided full disclosure because of possible legal implications.

Translated from the article:

" It is not clear why the RIPE NCC and Duke tried these new
" [attributes].
"
" One of the researchers behind the experiment, assistant professor from
" Duke University Xiaowei Yang, refuses to talk about the details behind
" the experiment for legal reasons.

http://epn.dk/teknologi2/computer/sikkerhed/article2167247.ece

Anybody know if they have this right? RIPE have issued an official
statement, but (AFAICT) have not taken part in the ongoing discussion
e.g. found on NANOG-ML.

-- 
Peter

> 
> 2010/8/30 Antonio Soares <amsoares at netcabo.pt>
> 
> > Now that i have more information I can tell you that you are 100% correct.
> > So let's upgrade the IOS-XR devices first then those running IOS. I'm
> > curious to see if the IOS issue is a known or new bug.
> >
> >
> > Regards,
> >
> > Antonio Soares, CCIE #18473 (R&S/SP)
> > amsoares at netcabo.pt
> >
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lukasz Bromirski
> > Sent: segunda-feira, 30 de Agosto de 2010 00:18
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Research experiment disrupts Internet, for some
> >
> > On 2010-08-29 19:59, Jared Mauch wrote:
> >
> > > IOS-XR had a bug processing valid bgp updates.  This has happened
> > > in the past as well with 4-byte ASNs and other things over the
> > > years.
> >
> > [...]
> >
> > > If the software is old, they likely saw a bug.  If you don't
> > > maintain your BGP speaking devices software revisions, you will
> > > likely see problems.
> >
> > What's most propable IMHO is that the GSR dropped the session to
> > BGP-speaker which was indeed IOS-XR box, then dCEF ran out of
> > memory on the LCs (for example because of memory fragmentation or
> > some bug indeed) and the issue happened.
> >
> > This is of course based on incomplete data - if there was any
> > session directly established to IOS-XR box for starters.
> >
> > --
> > "Everything will be okay in the end.  |                 Łukasz Bromirski
> >  If it's not okay, it's not the end." |      http://lukasz.bromirski.net
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list