Hi,
> What if sessions were attacked without MD5 in place. We
would just see
> session resets. As these happen anyway frequently at
peering points is
> there
> any straightforward way to determine if the vulnerability
caused the
> reset?If you're referring to session resets because of a peer or user
action then something akin to "Last reset due to FOO" can likely
be gleaned from "show bgp neighbor" output, especially since BGP
performs "graceful shutdown" via notification messages under normal
conditions
I think what I'm trying to ask is:
1. Does anyone know if the exploit is actually being used? and
2. I assume there is no way to identify an exploit reset from the usual
resets caused by routers hanging, ports failing, DDoS's, etc. However, I
thought I'd ask...
Kind regards,
Mark
