At 07:29 PM 6/20/2006 -0400, Richard A Steenbergen wrote:
On Tue, Jun 20, 2006 at 05:06:27PM -0400, Ross Callon wrote: ...I'd still like someone to explain why we're wasting man hours, CPU time, filling up our router logs, and potentially making DoS easier, for an attack that doesn't exist....
I think that it does make sense to be clear what attack or set of attacks we are trying to protect against. One type of attack is the TCP reset attack. I personally don't have a strong opinion regarding whether it is worth protecting against only this attack. Another potential attack is an attempt to insert information into a BGP session, such as to introduce bogus routes, or to even become a "man in the middle" of a BGP session. One issue that worries me about this is that if this allows routing to be compromised, then I can figure out how to make money off of this (and if I can think of it, someone even nastier will probably also think of this). Of course this would be much more difficult to pull off, and might require viewing packets between routers to pull off, but if pulled off and not quickly detected could be unfortunate. Ross