[j-nsp] stealth bgp vulnerability?

Richard A Steenbergen ras at e-gerbil.net
Sun Apr 18 10:31:09 EDT 2004


On Thu, Apr 15, 2004 at 07:54:32AM -0700, Paul Goyette wrote:
> > As i understand it their isn't enough space in hardware to allow 
> > the ttl hack... I'm sure Paul Goyette can verify this.
> 
> For various reasons, including availability of space within the
> internal lookup-key data structures, the Internet Processor II
> ASIC is unable to filter on TTL.

Unfortunate... But you could at least implement the check on the RE, it
would be slightly better than nothing. :)

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list