On 2008/12/28 08:19, Claudio Jeker wrote: > CVSROOT: /cvs > Module name: src > Changes by: [email protected] 2008/12/28 08:19:21 > > Modified files: > usr.sbin/bgpd : rde.c > > Log message: > Add a ugly workaround for the problem where an invalid AS4_PATH is passed > over mulitple hops and causes bgpd to close the connection. This is what > the RFC requires us to do but the result is a DoS against all OpenBGPD > routers when somebody injects such a bad optional transitive attribute > because the intermediate routers don't give a damn about it.
no big surprise, it looks like the few IOS that can understand AS4_PATH have problems too. http://permalink.gmane.org/gmane.network.nsp.cisco/57438 and now I see 91.207.218.0/23 being sourced again: BGP routing table entry for 91.207.218.0/23 3344 21099 2914 35320 3.21 23456 Nexthop 85.116.1.205 (via 85.116.1.205) from kewlio.warlock (85.116.1.17) Origin incomplete, metric 5, localpref 250, external, valid, best Last update: 19:08:58 ago Communities: 41103:3344 3344:21099 3344:60000 3344:63300 21099:60000 21099:60001 (etc). 23456 in AS4_PATH? very fishy...
