[nsp-sec] mpls MFI dos
Chris Morrow
morrowc at ops-netman.net
Thu Sep 25 10:38:53 EDT 2008
On Thu, 25 Sep 2008, Ilker Temir wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On Wed, 24 Sep 2008, Ilker Temir wrote:
>>
>>> ----------- nsp-security Confidential --------
>>>
>> Don, All,
>>
>> As you can appreciate we cannot share the exact details of the offending
>> packet. But I can confirm that the trigger is a malformed MPLS packet.
>> Such packets need to be crafted specifically. This issue will not be
>> triggered by normal/legitimate MPLS packets.
>>
>> Hope this answers your question.
>>
>>> sure.. what about corrupted packets leaving an interface though? so, is
>>> this a controlplane packet? (rsvp/ldp or even mpbgp?) or is this a
>>> labelled data packet?
>
> It can't be triggered by control plane packets. Trigger is a malformed
> labeled packet.
great, and the details have been shared with Juniper/blah so in the case
that they mishandle packets in the same way we'd get notifications from
their PSIRT equivalents as well?
-Chris
More information about the nsp-security
mailing list