very helpful analysis. some questions: even without stifling the heap check via crashing_already (i.e. a 'fix' is developed for that weakness), is the 30-60 second window sufficient to do serious operational damage? i.e. what could an attacker do with a code injection with a mean life as short as 15-30 seconds? that seems a bit short for a direct routing injection of much worth. but how about a damping attack (flap the victim's route enough to cause everyone to damp them), or would mrai stifle that? could it be used to cascade to a neighbor? i suppose that diverting just the right 15-30 seconds of traffic could be profitable.

secondly, is there reason not to believe that the attack vectors might be at layer two, mpls, as well as layer three, ip? i.e. the "internet-free core" gambit does not reduce exposure to this one?
The "bad guys" are discussing the issues and we should think long and hard before we muzzle the "good guys".
http://rip.psg.com/~randy/draft-ymbk-obscurity-00.txt is a bit old, but seems relevant. randy