On 01/10/2017 04:28, Christopher Morrow wrote:
On Sat, Sep 30, 2017 at 12:47 PM, Ken Chase <math@sizone.org> wrote:
I don't see that as the solution. Someone else will offend again.
However, I also don't see trusting major backbones as our filters (for many other reasons). Our software should be handling what's effectively a buffer overflow or equivalent (beware long paths that are actually shellcode).
Quagga among others seems to be subject to this bug, pre 0.99.23 or so (.99.24+ seems ok). So upgrading is a solution.
ii quagga 0.99.22.4-3ubu i386 BGP/OSPF/RIP routing daemon
interestingly enough that isn't crashlooping nor is it bouncing bgp sessions:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1572 Quagga 0.99.11 and earlier affected. Fixed in 2009. -Hank
192.168.100.100 4 MYASN 1642717 8864 0 0 0 2d23h32m 672475
and it's happily showing me the route even...
There was also some chatter on the quagga mailing list on how it's more pleasant to stab your eyeballs out rather than constructing extremely long regexps that might work as a filter.
https://lists.quagga.net/pipermail/quagga-users/2017-September/thread.html
/kc
On Sat, Sep 30, 2017 at 05:30:03PM +0200, Niels Raijer said:
My message to NANOG about this from 12:31 UTC today is still in the moderation queue. I had opened a support case with Cogent before writing my message to NANOG and Cogent has let me know approximately 40 minutes ago that they have contacted their customer.
Niels
On 30 Sep 2017, at 17:09, sthaug@nethelp.no wrote:
If you're on Cogent, since 22:30 UTC yesterday or so this has been happening (or happened).
Still happening here. I count 562 prepends (563 * 262197) in the advertisement we receive from Cogent. I see no good reason why we should accept that many prepends.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
-- Ken Chase - math@sizone.org Guelph Canada
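
The thread asks for a limit on prepends without a hand-built regexp. The following is an added example, not code from any poster or from Quagga: a Python check that measures a textual AS_PATH and rejects it on total length or on a long run of one ASN. The two thresholds, the function name and the sample paths are assumptions; only 262197 and the count of 563 come from the thread.

```python
import re
from itertools import groupby

# Assumed local policy limits; neither value comes from the thread.
MAX_PATH_LEN = 50
MAX_PREPEND_RUN = 10

# AS_SET "{...}", confederation segment "(...)", or a plain ASN.
_TOKEN = re.compile(r"\{[^}]*\}|\([^)]*\)|\d+")

def analyze_as_path(path):
    """Measure a textual AS_PATH and apply the limits above."""
    if _TOKEN.sub("", path).strip():
        raise ValueError("unparseable AS_PATH: %r" % path[:60])
    length, seq = 0, []
    for tok in _TOKEN.findall(path):
        if tok[0] == "(":        # confed segments add no length (RFC 5065)
            continue
        length += 1              # an AS_SET counts as one hop (RFC 4271)
        if tok[0] == "{":
            seq.append(None)     # a set ends any run of prepends
            continue
        asn = int(tok)
        if asn > 0xFFFFFFFF:
            raise ValueError("ASN out of 32-bit range: %d" % asn)
        seq.append(asn)
    runs = [(sum(1 for _ in g), a) for a, g in groupby(seq) if a is not None]
    run_len, run_asn = max(runs, default=(0, None))
    reasons = []
    if length > MAX_PATH_LEN:
        reasons.append("path length %d > %d" % (length, MAX_PATH_LEN))
    if run_len > MAX_PREPEND_RUN:
        reasons.append("AS%s repeated %d times" % (run_asn, run_len))
    return {"length": length, "run_asn": run_asn, "run_len": run_len,
            "accept": not reasons, "reasons": reasons}

# Constructed inputs: 64496-64511 are documentation ASNs; 262197 and the
# count of 563 are the figures quoted in the thread.
SAMPLES = {
    "long": "64496 " + " ".join(["262197"] * 563),
    "normal": "64496 64497 64497 64498",
    "mixed": "(64510 64511) 64496 {64500,64501} 64499",
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        r = analyze_as_path(p)
        print(name, r["length"], r["run_len"], r["accept"] or r["reasons"])
```

Counting tokens this way keeps the policy as two integers that can be tuned, instead of a regexp whose length grows with the limit.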