Re: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
I'd have to _assume_ that a lot of those impacted don't have a maint contract with their router vendor of choice and therefore don't have an easy path to upgrade.

-jim

------Original Message------
From: Jared Mauch
To: randal k
Cc: nanog@nanog.org
Subject: Re: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?
Sent: Aug 17, 2009 7:40 PM

On Aug 17, 2009, at 5:37 PM, randal k wrote:
Yep, we started seeing this right around 12:20pm MST. We saw it from a customer's rapidly-flapping BGP peer. We told them to configure bgp maxas-limit, but apparently CRS1s don't have that command.
Anybody have a handy route-map that will deny anything with an as-path longer than, say, 15-20? ;-)
Is there some significant barrier to people getting recent code on the devices that is not impacted by this and the other fun bgp 'attacks' that can happen?

We usually see customers drop bgp sessions all over, making me wonder ... if you're not able to upgrade, what is the issue? Just that most people don't see these as an attack against their infrastructure? That people are unwilling to upgrade code unless it has a long-term impact to their operations? An outage once every few months is OK?

- Jared

Sent from my BlackBerry device on the Rogers Wireless Network
On Aug 17, 2009, at 6:45 PM, deleskie@gmail.com wrote:
I'd have to _assume_ that a lot of those impacted don't have a maint contract with their router vendor of choice and therefore don't have an easy path to upgrade. -jim
Cisco gives out free software upgrades for any security (PSIRT) issue. Take the recent 4-byte asn crash advisory:

-- snip --
http://www.cisco.com/en/US/products/products_security_advisory09186a0080aea4...

Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
-- snip --

I would view this as an active attack against the internet infrastructure and be working with the PSIRT team if it impacted my network ...

- Jared