NAP/ISP Saturation WAS: Re: Exchanges that matter...

Ophir Ronen ophir at internap.com
Fri Dec 20 22:38:00 UTC 1996


On Fri, 20 Dec 1996, Alex.Bligh wrote:

> 
> > I think that there's some lack of clarity on the problem here.  Anyone can
> > stream packets at ANY router and take it down.  If it's not ICMP, you can
> > simply forge routing protocol packets.  It's a question of simply
> > supersaturating the system.  To truly deal with DoS attacks, there are
> > basically three approaches:
> 
> Indeed. For instance SYN-flood the BGP port.

	Correct me if I'm wrong but to the best of my recollection, in
order for a packet to be accepted on the BGP port, it must be originating
from a configured BGP peer. Since the SYN flood method relies on the
attack originating from an unreachable (yet routable) address, it would
seem that this approach will fail. 

rfc-1771:

If the local system detects that a remote peer is trying to
establish BGP connection to it, and the IP address of the
remote peer is not an expected one, the local system restarts
the ConnectRetry timer, rejects the attempted connection,
continues to listen for a connection that may be initiated by
the remote BGP peer, and stays in the Active state.



-Ophir
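The RFC 1771 paragraph quoted above, modelled as an added example that is not part of the original message or of any BGP implementation: a listener in the Active state decides on the remote address of an incoming connection attempt. The class and function names, the 120-second ConnectRetry value and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1771's suggested ConnectRetry value; treated here as an assumption.
CONNECT_RETRY_SECONDS = 120


@dataclass
class BgpListener:
    """Hypothetical model of one rule: Active state, incoming connection."""
    expected_peers: frozenset
    state: str = "Active"
    connect_retry_deadline: float = 0.0
    rejected: list = field(default_factory=list)

    def on_incoming_connection(self, remote_ip, now):
        if self.state != "Active":
            raise RuntimeError("this sketch covers the Active state only")
        addr = ipaddress.ip_address(remote_ip)
        if addr not in self.expected_peers:
            # Unexpected peer: restart ConnectRetry, reject, stay in Active.
            self.connect_retry_deadline = now + CONNECT_RETRY_SECONDS
            self.rejected.append((now, remote_ip))
            return "rejected"
        # Expected peer: the FSM sends OPEN and moves on to OpenSent.
        self.state = "OpenSent"
        return "accepted"


def new_listener(peer_ips):
    return BgpListener(frozenset(ipaddress.ip_address(p) for p in peer_ips))


def run_sample():
    # Constructed input: (time in seconds, remote address) of each attempt.
    attempts = [(0.0, "198.51.100.7"), (5.0, "203.0.113.9"), (9.0, "192.0.2.1")]
    listener = new_listener(["192.0.2.1"])
    results = [listener.on_incoming_connection(ip, t) for t, ip in attempts]
    return results, listener.state, listener.connect_retry_deadline


if __name__ == "__main__":
    print(run_sample())
```

The `rejected` list keeps the time and address of every refused attempt, which is the record an operator would review for connection attempts from addresses that are not configured peers.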







