By providing the 4tuple ip/port dst/src it makes guessing easier. As for
production vs non-production I suspect we have a mix I did not even
begin to audit them. I few spot checks is all I had time for. I would
welcome any assistence in auditing vulnerable looking glass/route
servers and would personally urge any LG/RS owners that were too verbose
to lock them down a little.
Something I wasn't looking for but found was a full open connect proxy.
With that you can connect to any ip on any port nice way to scan
someelses network and hide your source. I also found a few that allowed
show flash:. Personally the exact image we run on a router isn't
something I would want to publish:-)
Will locking down looking glass/route servers stop the tcp vulnerablity?
NO.
Does providing information assist in trouble shooting a bgp issue? NO.
I tend to error on the side of caution.
Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
I reserve the right to be wrong and exercise as required.