Let me clarify, our directly connected Qwest router was not under DOS attack so BGP stayed up and we had a full routing table. The router that got hosed was 3 router hops into their backbone and it was definitely hosed good. :-) -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Richard A Steenbergen Sent: Wednesday, May 08, 2002 1:21 PM To: Patrick McEvilly Cc: nanog@merit.edu Subject: Re: Qwest outage In NY On Wed, May 08, 2002 at 12:32:00PM -0400, Patrick McEvilly wrote:
Qwest has confirmed a DOS attach against two of their Juniper routers in the NY POP. I believe they had a UDP attack last week also (maybe on Saturday). This time the DOS was a TCP attack on the 100Mb management interface on the Juniper, leaving the box unable to pass packets, hence BGP stays up and a full routing table but you cannot get anywhere.
Ok I'll bite... What crackpipe are you smoking from? If the link from the RE to the PFE (the fxp1) became saturated, or enough packets hit the RE to blow away the processor, BGP (and the CLI, and everything else) would certainly fall over. Much like with any other router using distributed forwarding, if the management processor dies, the traffic will continue to forward until the routing protocols timed out and the rest of the network stopped sending it traffic. The attack would then stop hitting the box in question, it would come back up, and the cycle would repeat. This assumes that there are actual routing protocols, in the case where it's statically routed the box just stays down. :) But Juniper is more resilient to this form of attack than most, and you have the ability to filter packets going to the RE on any IP rev. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)