tcp bgp vulnerability looking glass and route server issues.

Troy Davis troy at nack.net
Thu Apr 22 03:37:45 UTC 2004


On Wed, Apr 21, 2004 at 04:21:51PM -0700, Lane Patterson <lpatterson at equinix.com> wrote:

> While I agree that publicly open route-views routers should not allow
> display of "sho ip bgp nei" information, this is only giving away 4-tuple
> info regarding non-production BGP sessions, right?  So folks could 

A few cases where a non-production session source port suggests same for
production sessions, assuming the production router opened the connections:

 - Reachability for a non-production session can depend on the same
interface(s) as production session(s), so they may use sequential ports
after an interface flap.

 - When the source port is near the start of the range (i.e., 11020), other
sessions with that router may have last reset when it reloaded.

Troy
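
The inference described in the message above, as an added example that is not part of the original post: an operator-side audit that parses a constructed excerpt in the style of `show ip bgp neighbors` output and flags sessions whose source port could be inferred from a publicly visible one. The sample addresses and AS numbers, and the `RANGE_START`, `NEAR_START` and `MAX_GAP` thresholds, are assumptions to be set for your own platform.

```python
import re

# Constructed excerpt in the style of "show ip bgp neighbors" output
# (documentation addresses and AS numbers; not from any real router).
SAMPLE = """\
BGP neighbor is 192.0.2.1,  remote AS 64501, external link
Local host: 192.0.2.2, Local port: 11020
BGP neighbor is 198.51.100.1,  remote AS 64502, external link
Local host: 198.51.100.2, Local port: 11021
BGP neighbor is 203.0.113.1,  remote AS 64503, external link
Local host: 203.0.113.2, Local port: 179
BGP neighbor is 203.0.113.9,  remote AS 64504, external link
Local host: 203.0.113.10, Local port: 38412
"""

RANGE_START = 11000  # assumed first ephemeral port on this platform
NEAR_START = 64      # assumed window treated as "near the start of the range"
MAX_GAP = 4          # assumed distance treated as "sequential"

def local_ports(text):
    """Map neighbor -> local source port for sessions this router opened."""
    ports, neighbor = {}, None
    for line in text.splitlines():
        if m := re.match(r"BGP neighbor is ([0-9.]+),", line):
            neighbor = m.group(1)
        elif (m := re.match(r"Local host: [0-9.]+, Local port: (\d+)", line)) and neighbor:
            if int(m.group(1)) != 179:  # local port 179 means the peer opened it
                ports[neighbor] = int(m.group(1))
    return ports

def near_start(port):
    return 0 <= port - RANGE_START <= NEAR_START

def audit(ports, exposed):
    """Flag sessions whose source port is inferable from the exposed session's."""
    findings = {}
    for neighbor, port in ports.items():
        if neighbor == exposed:
            continue
        reasons = []
        if abs(port - ports[exposed]) <= MAX_GAP:
            reasons.append("sequential with exposed session")
        if near_start(port) and near_start(ports[exposed]):
            reasons.append("near start of range, like exposed session")
        if reasons:
            findings[neighbor] = reasons
    return findings

if __name__ == "__main__":
    for n, why in audit(local_ports(SAMPLE), "192.0.2.1").items():
        print(n, "->", "; ".join(why))
```
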


