Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)

Niels Bakker niels=nanog at bakker.net
Fri Apr 23 16:19:17 UTC 2004


* haesu at towardex.com (James) [Fri 23 Apr 2004, 02:58 CEST]:
> in IOS bgp will bind source ip that is relevant to the subnet it is
> being peered with, even if it is a secondary ip. i am not sure if it

Actually my lab testing showed that older routers (2500/4500) do so, but
real equipment (7200/7500) doesn't, for some reason.


> binds the ip to primary ip for the first time, then fall back to
> secondary ip as primary fails though.. all i know is that when i've

This it definitely doesn't do.


> tried it by putting a bogus ip as primary, bgp session did turn up, but
> took a little longer than usual.. didn't investigate any further
> however.

That's probably because the other end initiated the TCP session by then.


	-- Niels.


