[j-nsp] stealth bgp vulnerability?

Rob Walton robert.walton at dante.org.uk
Thu Apr 15 10:42:45 EDT 2004


At 01:39 15/04/2004 -0400, Richard A Steenbergen wrote:
>On Wed, Apr 14, 2004 at 04:06:04PM +0100, Damon Pegg wrote:
>
> > Something sneaky may be occurring?  Following a couple of prominent UK IX
> > members suddenly demanding the use of MD5 on EBGP sessions Juniper TAC
> > confirmed a related BGP security vulnerability but wouldn't give us any
> > info beyond asking that we comply with any requests from upstreams
> > and/or peers to use MD5.  A little cloak and dagger methinks.  Can
> > anyone shed more light?
>
>I don't suppose now would be a good time for someone to either
>
>a) come up with some kind of public key mechanism for swapping the MD5
>passwords between routers without needing hundreds of phone calls to
>exchange and coordinate password deployment
>
>and/or
>
>b) start to implement the ttl trick.


As I understand it there isn't enough space in hardware to allow the ttl 
hack... I'm sure Paul Goyette can verify this.

As regards this BGP 'ploit I don't think it's anything new and if you aren't 
already using MD5 and/or packet filters on your BGP borders to protect your 
core then you are asking for trouble - thankfully there seem to be lots of 
people who are 'asking for trouble' so the chances of receiving it are 
pretty slim. Plus 99% of hackers and crackers have very little knowledge of 
true networking... even Russian mafia choose to use same old same old DoS 
attacks on their blackmail victims than attack the poorly secured provider's 
network.

I find it quite amusing that many people suddenly worry when a 
vulnerability like this comes along when there are so many easy ways to 
well and truly destroy many providers' networks with some simple high rate 
packet crafting tools and a little tracerouting - how many people here who 
use MPLS-RSVP use the shared secret option and/or filter RSVP packets 
destined for their core equipment from entering their network??



>--
>Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
>GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

_________________________________________________________________

* * Rob Walton - Network engineer
* *
* Francis House Tel +44 1223 302 992
* 112 Hills Road Fax +44 1223 303 005
* Cambridge CB2 1PQ
D A N T E United Kingdom
_________________________________________________________________



