AS PATH limits

Hank Nussbacher hank at efes.iucc.ac.il
Sun Oct 1 05:17:53 UTC 2017


On 01/10/2017 04:28, Christopher Morrow wrote:
> On Sat, Sep 30, 2017 at 12:47 PM, Ken Chase <math at sizone.org> wrote:
>
>> I don't see that as the solution. Someone else will offend again.
>>
>> However, I also don't see trusting major backbones as our filters (for many
>> other reasons). Our software should be handling what's effectively a buffer
>> overflow or equivalent (beware long paths that are actually shellcode).
>>
>> Quagga among others seems to be subject to this bug, pre 0.99.23 or so
>> (.99.24+ seems ok). So upgrading is a solution.
>>
>>
> ii  quagga              0.99.22.4-3ubu i386           BGP/OSPF/RIP routing
> daemon
>
> interestingly enough that isn't crashlooping nor is it bouncing bgp
> sessions:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1572
Quagga 0.99.11 and earlier affected.
Fixed in 2009.

-Hank


> 192.168.100.100  4 MYASN 1642717    8864        0    0    0 2d23h32m
> 672475
>
> and it's happily showing me the route even...
>
>> There was also some chatter on the quagga mailing list on how it's more
>> pleasant to stab your eyeballs out rather than constructing extremely long
>> regexps that might work as a filter.
>>
>> https://lists.quagga.net/pipermail/quagga-users/2017-September/thread.html
>>
>> /kc
>>
>>
>> On Sat, Sep 30, 2017 at 05:30:03PM +0200, Niels Raijer said:
>>   >My message to NANOG about this from 12:31 UTC today is still in the moderation queue. I had opened a support case with Cogent before writing my message to NANOG and Cogent has let me know approximately 40 minutes ago that they have contacted their customer.
>>   >
>>   >Niels
>>   >
>>   >
>>   >
>>   >On 30 Sep 2017, at 17:09, sthaug at nethelp.no wrote:
>>   >
>>   >>> If you're on cogent, since 22:30 UTC yesterday or so this has been happening
>>   >>> (or happened).
>>   >>
>>   >> Still happening here. I count 562 prepends (563 * 262197) in the
>>   >> advertisement we receive from Cogent. I see no good reason why we
>>   >> should accept that many prepends.
>>   >>
>>   >> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>>   >
>>
>> --
>> Ken Chase - math at sizone.org  Guelph Canada
>>
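
The thread asks for path-length limits without hand-built regexps. The following is an added example, not code from any poster or from Quagga: it parses a received AS_PATH attribute value, counts path length and the longest prepend run, and rejects paths over a local limit. It assumes 4-octet ASN encoding; `MAX_PATH_LEN` is a hypothetical policy value, and the sample input is constructed from the prepend count quoted above.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2
MAX_PATH_LEN = 50  # hypothetical local policy limit, not a value from the thread

def encode_as_path(asns):
    """Encode ASNs as AS_SEQUENCE segments; the one-octet count caps a segment at 255."""
    out = b""
    for i in range(0, len(asns), 255):
        chunk = asns[i:i + 255]
        out += struct.pack("!BB", AS_SEQUENCE, len(chunk))
        out += struct.pack(f"!{len(chunk)}I", *chunk)
    return out

def parse_as_path(value):
    """Return [(segment_type, [asn, ...]), ...]; raise ValueError on malformed input."""
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = struct.unpack_from("!BB", value, off)
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        if count == 0 or len(value) - off < 4 * count:
            raise ValueError("bad segment length")  # never read past the attribute
        segments.append((seg_type, list(struct.unpack_from(f"!{count}I", value, off))))
        off += 4 * count
    return segments

def path_stats(segments):
    """Return (path length, longest run of one repeated ASN across segments)."""
    length, longest, run, prev = 0, 0, 0, None
    for seg_type, asns in segments:
        if seg_type == AS_SET:  # a set counts once and breaks any prepend run
            length, prev, run = length + 1, None, 0
            continue
        length += len(asns)
        for asn in asns:
            run = run + 1 if asn == prev else 1
            prev, longest = asn, max(longest, run)
    return length, longest

def accept(value, max_len=MAX_PATH_LEN):
    try:  # malformed attributes are rejected, never partially trusted
        return path_stats(parse_as_path(value))[0] <= max_len
    except ValueError:
        return False

SAMPLE = encode_as_path([262197] * 563)  # constructed: the count quoted in the thread
```

A path longer than 255 ASNs cannot fit in one segment, so the constructed sample spans three segments, and the run counter has to carry across segment boundaries to see all of the prepends.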



