Did your BGP crash today?
James Hess
mysidia at gmail.com
Sat Aug 28 17:47:00 UTC 2010
On Fri, Aug 27, 2010 at 2:33 PM, Dave Israel <davei at otd.com> wrote:
> On 8/27/2010 3:22 PM, Jared Mauch wrote:
[snip]
> an MD5 hash that can be added to the packet. If the TCP hash checks
Hello, layering violation. If the TCP MD5 option was used, the
MD5 checksum was probably correct.
Malformed BGP Protocol messages, not malformed TCP messages.
The BGP protocol that lives on top of TCP is a non-packetized stream.
Dropping the IP packets, would just mean that the IP packets
containing the malformed BGP data
need to get resent (still containing malformed BGP application
protocol data, when resent).
> out, then you know the packet wasn't garbled, and just contained
> information you didn't grok. That seems like enough evidence to be able
> to shrug and toss the packet without dropping the session.
If the attribute is malformed, and in particular, if the _length_
value is malformed,
because more bits have been transmitted as part of an update than
indicated in the length,
how do you reliably determine exactly where the "junk" ends, and
the next attribute
starts, and resume the stream without loss of other critical data?
Without a valid length of the attribute, you don't know which bit
the next attribute starts at,
or which bit the next update starts at.
If the apparently length of the update is wrong, the rest of your
session appears to be malformed.
If your guess is wrong, you could wind up interpreting part of the
attribute DATA portion
as another route update, allowing an adversary to exploit the
malformed bug to
possibly inject new routes.
A "recovery" mechanism could lead to worse problems, or lead to
problems not being discovered.
> -Dave
--
-J
More information about the NANOG
mailing list