Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
Niels Bakker
niels=nanog at bakker.net
Fri Apr 23 16:19:17 UTC 2004
* haesu at towardex.com (James) [Fri 23 Apr 2004, 02:58 CEST]:
> in IOS bgp will bind source ip that is relevant to the subnet it is
> being peered with, even if it is a secondary ip. i am not sure if it

Actually my lab testing showed that older routers (2500/4500) do so, but
real equipment (7200/7500) doesn't, for some reason.

> binds the ip to primary ip for the first time, then fall back to
> secondary ip as primary fails though.. all i know is that when i've

This it definitely doesn't do.

> tried it by putting a bogus ip as primary, bgp session did turn up, but
> took a little longer than usual.. didn't investigate any further
> however.

That's probably because the other end initiated the TCP session by then.

-- Niels.