[nsp-sec] Crafted bgp update msg may cause slave re to crash JunOS.
Paul Goyette
pgoyette at juniper.net
Fri Sep 19 11:25:01 EDT 2008
I can't speak for brand-C.
If a Juniper router accepts the route and installs it with
the appropriate path attribute, then we can propagate it.
Paul Goyette
Juniper Networks Customer Service
JTAC Senior Escalation Engineer
Juniper Security Incident Response Team
PGP Key ID 0x53BA7731 Fingerprint:
FA29 0E3B 35AF E8AE 6651
0786 F758 55DE 53BA 7731
> -----Original Message-----
> From: Smith, Donald [mailto:Donald.Smith at qwest.com]
> Sent: Friday, September 19, 2008 8:07 AM
> To: Chris Morrow; Paul Goyette
> Cc: Sayadian, Greg; robt at cymru.com; nsp-security at puck.nether.net
> Subject: RE: [nsp-sec] Crafted bgp update msg may cause slave
> re to crash JunOS.
>
> Does this imply that peering routers will propagate the crafted bgp
> update?
> Do both Cisco and Juniper propagate the crafted packet?
>
>
> Security through obscurity WORKS against some worms and ssh attacks:)
> Donald.Smith at qwest.com giac
>
> > -----Original Message-----
> > From: Chris Morrow [mailto:morrowc at ops-netman.net]
> > Sent: Thursday, September 18, 2008 6:17 PM
> > To: Paul Goyette
> > Cc: Smith, Donald; Sayadian, Greg; robt at cymru.com;
> > nsp-security at puck.nether.net
> > Subject: RE: [nsp-sec] Crafted bgp update msg may cause slave
> > re to crash JunOS.
> >
> >
> >
> > On Thu, 18 Sep 2008, Paul Goyette wrote:
> >
> > > If the specifically-crafted BGP update gets delivered to BGP, you
> > > will have a problem.
> >
> > right, so... tcp-md5 no helpy :(
> >
> > >> -----Original Message-----
> > >> From: Chris Morrow [mailto:morrowc at ops-netman.net]
> > >> Sent: Thursday, September 18, 2008 5:04 PM
> > >> To: Paul Goyette
> > >> Cc: Smith, Donald; Sayadian, Greg; robt at cymru.com;
> > >> nsp-security at puck.nether.net
> > >> Subject: RE: [nsp-sec] Crafted bgp update msg may cause slave
> > >> re to crash JunOS.
> > >>
> > >>
> > >>
> > >> On Thu, 18 Sep 2008, Paul Goyette wrote:
> > >>
> > >>> MD5 check happens at the tcp layer, and packets that fail
> > >>> don't get delivered to the application (ie, BGP) layer.
> > >>
> > >> so, if this is a bgp update issue it'll get the md5 properly
> > >> on both sides,
> > >> eh? and... still have the problem. if it's in a valid update :(
> > >>
> > >
> >
>
>
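An added illustration of the point made in the thread above (not code from any participant or from Juniper): the TCP MD5 signature option (RFC 2385) is verified before data reaches BGP, so it filters segments from senders without the key but says nothing about the contents of an UPDATE sent by a keyed peer. The key, addresses, ports and the empty UPDATE are constructed sample values, and the crafted update itself is not modelled because the thread does not describe it.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT_LEN = 20  # 18-byte TCP MD5 option padded to a 4-byte boundary

def tcp_md5_digest(src_ip, dst_ip, base_hdr, payload, key):
    """RFC 2385 digest over pseudo-header, base TCP header with a zeroed
    checksum (options excluded), segment data, then the shared key."""
    seg_len = len(base_hdr) + MD5_OPT_LEN + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    hdr = base_hdr[:16] + b"\x00\x00" + base_hdr[18:20]
    return hashlib.md5(pseudo + hdr + payload + key).digest()

def deliver_to_bgp(src_ip, dst_ip, base_hdr, payload, digest, key):
    """Receiver side: hand the payload to BGP only if the digest verifies."""
    expected = tcp_md5_digest(src_ip, dst_ip, base_hdr, payload, key)
    return payload if hmac.compare_digest(expected, digest) else None

def base_tcp_header(sport, dport, seq, ack):
    # Data offset = 10 words (20-byte header + 20 bytes of options), flags PSH|ACK
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, 0x18, 16384, 0, 0)

def empty_bgp_update():
    # 16-byte marker, length 23, type 2 (UPDATE), no withdrawn routes, no attributes
    return b"\xff" * 16 + struct.pack("!HB", 23, 2) + struct.pack("!HH", 0, 0)

def demo():
    key = b"constructed-session-key"      # constructed sample key
    src, dst = "192.0.2.1", "192.0.2.2"   # documentation addresses
    hdr = base_tcp_header(49152, 179, 1000, 2000)
    update = empty_bgp_update()
    signed = tcp_md5_digest(src, dst, hdr, update, key)
    forged = tcp_md5_digest(src, dst, hdr, update, b"guessed-key")
    return {
        # Any payload signed with the session key reaches the BGP parser.
        "keyed_peer": deliver_to_bgp(src, dst, hdr, update, signed, key),
        # A sender without the key is dropped before BGP sees anything.
        "wrong_key": deliver_to_bgp(src, dst, hdr, update, forged, key),
        # Data changed after signing also fails verification.
        "altered": deliver_to_bgp(src, dst, hdr, update + b"\x00", signed, key),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "delivered to BGP" if result is not None else "dropped at TCP")
```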