Re: Path Attribute Attack

2023-09-18 Thread Pim van Pelt via Bird-users 
Hoi,

The researcher published an article which claimed bird and bird2 are immune
to the attack described.

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

Pim

On Mon, 18 Sep 2023 at 15:52, Michael Lambert 
wrote:

> As outlined in https://kb.cert.org/vuls/id/347067, there is an attack
> that uses specially crafted Path Attributes in a BGP UPDATE message to
> disrupt peering sessions. I don’t recall seeing any discussions of this
> attack on this list. Is BIRD susceptible?
>
> Thanks,
> Michael
>
>
>

Re: Path Attribute Attack

2023-09-18 Thread Maria Matejka via Bird-users 
Hello!

Can't open that link for whatever reason, anyway the last problem with sending 
an invalid path attribute in BGP, killing some sessions repeatedly, didn't 
affect BIRD at all.

Anyway, BIRD transferred this attribute (as unknown transitional) through the 
whole Internet, so we are now working on adding a possibility to delete (or 
also set) any BGP attribute, even unknown.

Hope that helps.
Maria


On 18 September 2023 15:41:32 CEST, Michael Lambert  
wrote:
>As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that 
>uses specially crafted Path Attributes in a BGP UPDATE message to disrupt 
>peering sessions. I don’t recall seeing any discussions of this attack on this 
>list. Is BIRD susceptible?
>
>Thanks,
>Michael
>
>

-- 
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.

Re: Path Attribute Attack

2023-09-18 Thread Ondrej Zajicek 
On Mon, Sep 18, 2023 at 09:41:32AM -0400, Michael Lambert wrote:
> As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that 
> uses specially crafted Path Attributes in a BGP UPDATE message to disrupt 
> peering sessions. I don’t recall seeing any discussions of this attack on 
> this list. Is BIRD susceptible?

Hi

AFAIK it is not. See 'Unimpacted Vendors' in:

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Path Attribute Attack

2023-09-18 Thread Michael Lambert 
As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that uses 
specially crafted Path Attributes in a BGP UPDATE message to disrupt peering 
sessions. I don’t recall seeing any discussions of this attack on this list. Is 
BIRD susceptible?

Thanks,
Michael