[j-nsp] stealth bgp vulnerability?
Richard A Steenbergen
ras at e-gerbil.net
Sun Apr 18 10:31:09 EDT 2004
On Thu, Apr 15, 2004 at 07:54:32AM -0700, Paul Goyette wrote:
> > As i understand it their isn't enough space in hardware to allow
> > the ttl hack... I'm sure Paul Goyette can verify this.
>
> For various reasons, including availability of space within the
> internal lookup-key data structures, the Internet Processor II
> ASIC is unable to filter on TTL.
Unfortunate... But you could at least implement the check on the RE, it
would be slightly better than nothing. :)
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list