[j-nsp] stealth bgp vulnerability?

Mark Thompson libra_mark at hotmail.com
Sat Apr 24 10:16:40 EDT 2004


Paul,

Your comment below indicates that you will be fixing this problem. Are you 
planning on implementing RFC 3682 The Generalized TTL Security Mechanism 
(GTSM)?

My concern is that you will not be able to implement this in your current 
hardware i.e. IP II due to its lack of programmability :(

Will you be providing free upgrades to IP III? ;)

My understanding is that Procket claim to have a fully programmable ASIC 
architecture? Does anyone know if they can implement the GTSM RFC?

It could be a good test case for them.




>As I understand it there isn't enough space in hardware to allow the ttl 
>hack... I'm sure Paul Goyette can verify this.


For various reasons, including availability of space within the
internal lookup-key data structures, the Internet Processor II
ASIC is unable to filter on TTL today.
                                ^^^^^


Seems I missed one word in my earlier response!  :)




More information about the juniper-nsp mailing list