Well, a long as-path of 100 is certain to be invalid (result of misconfig if not direct probe for vulnerability). Would it be good to recommend that ISPs filter at some as-path size, as it's easy and does not consume router resources? What would be a good as-path size to filter on, just to be certain no valid route is filtered (just in case, allow possible growth of as-path up to 2x what it is now)?

On Mon, 31 Jan 2005, Blaine Christian wrote:
Specifically, they have the ability to tickle a legacy Cisco bug with AS path length. This bug was supposedly mitigated in code and I believe my previous company is still filtering AS path length (UUNET) of 100 or greater.
A valid AS-Path of greater than 100 has not yet been found (which was why the filters were in place).
On 1/31/05 8:53 AM, "Jared Mauch" <jared@puck.nether.net> wrote:
On Mon, Jan 31, 2005 at 07:19:14AM +0200, Hank Nussbacher wrote:
At 10:23 PM 30-01-05 -0500, Jon Lewis wrote:
Someone at fido.net having some bgp config issues?
Looks like someone probing for a buffer overflow on a world-wide basis.
-Hank
Jan 30 18:34:51 EST: %BGP-6-ASPATH: Long AS path 6461 3356 6770 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 received from ...
Router(config-router)#bgp maxas-limit ?
  <1-2000>  Number of ASes in the AS-PATH attribute
Router(config-router)#bgp maxas-limit 50
Easy to fix/reject.
- jared
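
Added example, not part of the original thread: a small parser for the %BGP-6-ASPATH message format quoted above that reports raw path length, distinct ASNs and the longest prepend run, so a candidate limit can be compared against what is actually logged. The sample lines, the 192.0.2.1 peer address and the function names are constructed for illustration; the default of 50 mirrors the maxas-limit value shown in the thread.

```python
import re
from itertools import groupby

# Message format as quoted in the thread: the AS_PATH sits between
# "Long AS path" and "received from".
ASPATH_RE = re.compile(
    r"%BGP-6-ASPATH: Long AS path (?P<path>\d+(?: \d+)*)\s+received from"
)

# Constructed samples modelled on the logged path (3 transit ASNs + prepends).
SAMPLE_LONG = ("Jan 30 18:34:51 EST: %BGP-6-ASPATH: Long AS path 6461 3356 6770"
               + " 8282" * 97 + " received from 192.0.2.1")
SAMPLE_SHORT = ("Jan 30 18:35:02 EST: %BGP-6-ASPATH: Long AS path "
                "64500 64501 64502 64502 received from 192.0.2.1")

def analyze(line, max_len=50):
    """Return AS_PATH statistics for one syslog line, or None if no match."""
    m = ASPATH_RE.search(line)
    if m is None:
        return None
    path = m.group("path").split()
    # Longest run of a single ASN repeated back to back (prepending).
    asn, run = max(((a, len(list(g))) for a, g in groupby(path)),
                   key=lambda t: t[1])
    return {
        "length": len(path),          # what a length filter counts
        "distinct": len(set(path)),   # ASes actually traversed
        "prepended_asn": asn,
        "prepend_run": run,
        "over_limit": len(path) > max_len,
    }

def flag_long_paths(lines, max_len=50):
    """Return the statistics of every parsed line whose path exceeds max_len."""
    stats = (analyze(l, max_len) for l in lines)
    return [s for s in stats if s and s["over_limit"]]

if __name__ == "__main__":
    for hit in flag_long_paths([SAMPLE_LONG, SAMPLE_SHORT, "unrelated line"]):
        print(hit)
```

The gap between "length" and "distinct" is the useful signal when choosing a limit: a path that traverses four ASes but counts 100 entries is all prepending.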