RE: BGP Exploit

Smith_Donald · May 4, 2004, 6:24pm

I have seen 3 pubic ally available tools that ALL work.
I have seen 2 privately tools that work.
A traffic generator can be configured to successfully tear down bgp
sessions.

Given src/dst ip and ports :
I tested with a cross platform EBGP peering with md5 using several of
the tools I could not tear down the sessions.
I tested both Cisco and juniper BGP peering after code upgrades without
md5 I could not tear down the sessions.

Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2

James_Edwards · May 4, 2004, 10:41pm

What would a Cisco log if the IP's for the BGP sessions were attacked & MD5
was in place ?
"No MD5 digest from <IP>", " Invalid MD5 digest from <IP>" or something else
?
So far, grepping through my logs all I see for "MD5" are the the times I set
MD5
for my BGP sessions.

Stephen_J_Wilcox1 · May 5, 2004, 4:15pm

Of more interest.. does the router die (cpu load) before you brute force the
sessions down

Steve