I have seen 3 publicly available tools that ALL work. I have seen 2 private tools that work. A traffic generator can be configured to successfully tear down bgp sessions.
Given src/dst ip and ports: I tested with a cross platform EBGP peering with md5 using several of the tools; I could not tear down the sessions. I tested both Cisco and Juniper BGP peering after code upgrades without md5; I could not tear down the sessions.
Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Steven M. Bellovin
Sent: Tuesday, May 04, 2004 11:54 AM
To: Kurt Erik Lindqvist
Cc: kwallace@pcconnection.com; nanog@merit.edu
Subject: Re: BGP Exploit
In message <C4E8C22A-9DA6-11D8-B28B-000A95928574@kurtis.pp.se>, Kurt Erik Lindqvist writes:
Now that the firestorm over implementing Md5 has quieted down a bit, is anybody aware of whether the exploit has been used? Feel free to reply off list.
Even more interesting, did anyone manage to reproduce it?
I don't know if it's being used; I know that reimplementations of the idea are out there.
--Steve Bellovin, http://www.research.att.com/~smb
What would a Cisco log if the IPs for the BGP sessions were attacked & MD5 was in place? "No MD5 digest from <IP>", "Invalid MD5 digest from <IP>" or something else? So far, grepping through my logs all I see for "MD5" are the times I set MD5 for my BGP sessions.
--
James H. Edwards
Routing and Security
At the Santa Fe Office: Internet at Cyber Mesa
jamesh@cybermesa.com noc@cybermesa.com
(505) 795-7101
Of more interest.. does the router die (cpu load) before you brute force the sessions down?
Steve
On Tue, 4 May 2004, Smith, Donald wrote:
I have seen 3 publicly available tools that ALL work. I have seen 2 private tools that work. A traffic generator can be configured to successfully tear down bgp sessions.
Given src/dst ip and ports: I tested with a cross platform EBGP peering with md5 using several of the tools; I could not tear down the sessions. I tested both Cisco and Juniper BGP peering after code upgrades without md5; I could not tear down the sessions.
Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Steven M. Bellovin
Sent: Tuesday, May 04, 2004 11:54 AM
To: Kurt Erik Lindqvist
Cc: kwallace@pcconnection.com; nanog@merit.edu
Subject: Re: BGP Exploit
In message <C4E8C22A-9DA6-11D8-B28B-000A95928574@kurtis.pp.se>, Kurt Erik Lindqvist writes:
Now that the firestorm over implementing Md5 has quieted down a bit, is anybody aware of whether the exploit has been used? Feel free to reply off list.
Even more interesting, did anyone manage to reproduce it?
I don't know if it's being used; I know that reimplementations of the idea are out there.
--Steve Bellovin, http://www.research.att.com/~smb
participants (3)
- james
- Smith, Donald
- Stephen J. Wilcox