8 Jan
2019
12:02 p.m.
Hey,
After seeing this initial result I'm wondering why the researchers couldn't set up their own sandbox first before breaking code on the internet. I believe FRR is a free download and comes with GNU autoconf.
We probably should avoid anything which might demotivate future good guys from finding breaking bugs and reporting them, while sending perfectly standard-compliant messages. The only ones who will win are the bad guys who collect libraries of how-to-break-internet. There are certainly several transit packets of death and BGP parser bugs in each implementation; I'd rather have a good guy trigger them and give me details of why my network broke than have a bad guy store them for future use.

--
++ytti