AS PATH limits

Christopher Morrow morrowc.lists at gmail.com
Sun Oct 1 01:28:28 CST 2017


On Sat, Sep 30, 2017 at 12:47 PM, Ken Chase <math at sizone.org> wrote:

> I dont see that as the solution. Someone else will offend again.
>
> However, I also don't see trusting major backbones as our filters (for many
> other reasons). Our software should be handling what's effectively a
> buffer overflow
> or equivalent (beware long paths that are actually shellcode).
>
> Quagga among others seems to be subject to this bug, pre 0.99.23 or so
> (.99.24+ seems ok). So upgrading is a solution.
>
>
ii  quagga              0.99.22.4-3ubu i386           BGP/OSPF/RIP routing
daemon

interestingly enough that isn't crashlooping nor is it bouncing bgp
sessions:
192.168.100.100  4 MYASN 1642717    8864        0    0    0 2d23h32m
672475

and it's happily showing me the route even...

There was also some chatter on the quagga mailing list on how it's more
> pleasant to stab your eyeballs out rather than constructing extremely long
> regexp's that might work as a filter.
>
> https://lists.quagga.net/pipermail/quagga-users/2017-September/thread.html
>
> /kc
>
>
> On Sat, Sep 30, 2017 at 05:30:03PM +0200, Niels Raijer said:
>   >My message to NANOG about this from 12:31 UTC today is still in the
> moderation queue. I had opened a support case with Cogent before writing my
> message to NANOG and Cogent has let me know approximately 40 minutes ago
> that they have contacted their customer.
>   >
>   >Niels
>   >
>   >
>   >
>   >On 30 Sep 2017, at 17:09, sthaug at nethelp.no wrote:
>   >
>   >>> If you're on cogent, since 22:30 UTC yesterday or so this has been
> happening
>   >>> (or happened).
>   >>
>   >> Still happening here. I count 562 prepends (563 * 262197) in the
>   >> advertisement we receive from Cogent. I see no good reason why we
>   >> should accept that many prepends.
>   >>
>   >> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>   >
>
> --
> Ken Chase - math at sizone.org  Guelph Canada
>


More information about the NANOG mailing list