Is it a problem in the BGP standard itself or a problem of the currently
available implementations from the vendors? What is the effect of the hole: will it make sessions flap, or does it allow bogus
routing information to be injected into BGP?
No one seems to know yet, obviously, except some people at Cisco, Juniper etc. I can just quote the following again:
Rumours of a multi-vendor vulnerability allowing BGP sessions to be
reset by a remote attacker. Apparently the UNIRAS/NISC folk will
publish more details on 2004-04-21, with Cisco, Juniper, and friends to follow.
We got dozens of MD5 requests in the last 48 hours, so I guess it must be a really big mess.
It doesn't matter whether Zebra / Quagga is affected. The other end of your Zebra / Quagga is likely a C or J box, and I can imagine that some carriers will simply shut down all peerings without MD5. Even more so since the IP addresses of public exchanges are very well documented, which makes them an easy target for attackers.
Some of you might be glad to hear that there is now a patch out for Quagga:
-------- Original Message --------
Subject: Patch: Quagga + TCP MD5 for BGP (RFC 2385) in Linux
Date: Sat, 17 Apr 2004 10:50:33 +0200
From: Marco Huggenberger

Hasso Tepper has got it covered, see: http://hasso.linux.ee/quagga/bgp-md5.en.php
F.
----------------------------------------------
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
