[nsp-sec] Crafted bgp update msg may cause slave retocrashJunOS.

[Smith, Donald]

Does this imply that peering routers will propagate the crafted bgp
update?
Does both cisco and juniper propagate the crafted packet?


Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: Chris Morrow [mailto:morrowc at ops-netman.net] 
> Sent: Thursday, September 18, 2008 6:17 PM
> To: Paul Goyette
> Cc: Smith, Donald; Sayadian, Greg; robt at cymru.com; 
> nsp-security at puck.nether.net
> Subject: RE: [nsp-sec] Crafted bgp update msg may cause slave 
> retocrashJunOS.
> 
> 
> 
> On Thu, 18 Sep 2008, Paul Goyette wrote:
> 
> > If the specifically-crafted BGP update gets delivered to BGP, you
> > will have a problem.
> 
> right, so... tcp-md5 no helpy :(
> 
> >> -----Original Message-----
> >> From: Chris Morrow [mailto:morrowc at ops-netman.net]
> >> Sent: Thursday, September 18, 2008 5:04 PM
> >> To: Paul Goyette
> >> Cc: Smith, Donald; Sayadian, Greg; robt at cymru.com;
> >> nsp-security at puck.nether.net
> >> Subject: RE: [nsp-sec] Crafted bgp update msg may cause slave
> >> re tocrashJunOS.
> >>
> >>
> >>
> >> On Thu, 18 Sep 2008, Paul Goyette wrote:
> >>
> >>> MD5 check happens at the tcp layer, and packets that fail
> >>> don't get delivered to the application (ie, BGP) layer.
> >>
> >> so, if this is a bgp update issue it'll get the md5 properly
> >> on both side,
> >> eh? and... still have the problem. if it's in a valid update :(
> >>
> >
> 


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.