Re: [RPSEC] DDoS of routing ?

Iljitsch van Beijnum <iljitsch@muada.com> Thu, 13 March 2003 13:57 UTC

Date: Thu, 13 Mar 2003 14:58:00 +0100
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: "Ayyasamy, Senthilkumar (UMKC-Student)" <saq66@umkc.edu>
cc: rpsec@ietf.org
Subject: Re: [RPSEC] DDoS of routing ?

On Thu, 13 Mar 2003, Ayyasamy, Senthilkumar  (UMKC-Student) wrote:

> while a DoS attack of routing pkts by a peer can lead to RT
> exhaustion, is DDoS of routing pkts observed previously?

I think attacks on port 179 of routers have been observed in the wild.

> Actually, I had an offline discussion with Sandy long back and she
> mentioned that it doesn't exist.

You're not saying we should wait to fix holes until someone falls in
them, are you?

At the same time, IGPs are somewhat hard to attack as they use
multicasts that routers aren't going to forward.

> context: zinin-rtg-dos-00
> I guess, zinin draft talks only about DDoS of data traffic.

Doesn't look that way to me. One point we should all take to heart:

  "It is interesting to observe that as security
   mechanisms in routing protocols become more sophisticated and
   computationally expensive, it becomes easier for an attacker to mount
   a CPU-exhaustion-based attack against a router."

