very helpful analysis. some questions:
even without stifling the heap check via crashing_already (i.e. a
'fix' is developed for that weakness), is the 30-60 second window
sufficient to do serious operational damage? i.e. what could an
attacker do with a code injection with a mean life as short as
15-30 seconds? that seems a bit short for a direct routing
injection of much worth. but how about a damping attack (flap the
victim's route enough to cause everyone to damp them), or would
mrai stifle that? could it be used to cascade to a neighbor? i
suppose that diverting just the right 15-30 seconds of traffic
could be profitable.
secondly, is there reason not to believe that the attack vectors
might be at layer two, mpls, as well as layer three, ip? i.e. the
"internet-free core" gambit does not reduce exposure to this one?
The "bad guys" are discussing the issues and we should think long
and hard before we muzzle the "good guys".
http://rip.psg.com/~randy/draft-ymbk-obscurity-00.txt is a bit old,
but seems relevant.