RE: [RPSEC] DDoS of routing ?

"Ayyasamy, Senthilkumar (UMKC-Student)" <saq66@umkc.edu> Fri, 14 March 2003 04:50 UTC

From: "Ayyasamy, Senthilkumar (UMKC-Student)" <saq66@umkc.edu>
To: Alex Zinin <zinin@psg.com>, Iljitsch van Beijnum <iljitsch@muada.com>
Cc: rpsec@ietf.org

Iljitsch/Alex, 

> >> while a DoS attack of routing pkts by a peer can lead to RT
> >> exhaustion, is DDoS of routing pkts observed previously?
> 
> > I think attacks on port 179 of routers have been observed
> > in the wild.
> 
> This is what I have heard second hand too.

But it's not as wild as port 80 (www), 137 (netbios) and 1434 (sql).

Cisco routers avoid this by accepting TCP sessions from configured
peers. How do other systems avoid this port 179 attack...
particularly zebra?

A port 179 attack is a way to exhaust CPU resources. If vendors are
clever enough, heuristics can be provided at the ASIC level to avoid
such attacks.


> >> context: zinin-rtg-dos-00
> >> I guess, zinin draft talks only about DDoS of data traffic.
>
> It is all about protecting routers' control plane from user-level attacks.

Yes. I will read and send detailed comments later.
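
Added example, not part of the original message and not code from Cisco or zebra: a sketch of the "accept TCP sessions from configured peers" check mentioned above, run over constructed SYN records. The peer list, the sample records and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

BGP_PORT = 179

# Constructed sample: configured BGP neighbors (documentation addresses).
CONFIGURED_PEERS = ["192.0.2.1", "192.0.2.2", "2001:db8::1"]

# Constructed sample of inbound TCP SYNs: (source address, destination port).
SAMPLE_SYNS = [
    ("192.0.2.1", 179),
    ("198.51.100.7", 179),
    ("198.51.100.7", 179),
    ("203.0.113.50", 179),
    ("2001:db8::1", 179),
    ("203.0.113.9", 179),
    ("192.0.2.2", 179),
    ("198.51.100.7", 22),      # not BGP; ignored by this filter
    ("2001:db8::bad", 179),
]

def build_peer_set(peers):
    """Parse peer addresses so textual variants of one address compare equal."""
    return {ipaddress.ip_address(p) for p in peers}

def filter_bgp_syns(syns, peers):
    """Split port-179 SYNs into accepted (configured peer) and dropped.

    Returns (accepted, dropped_by_source). The decision is a set lookup made
    before any TCP or BGP session state exists, which keeps the per-packet
    cost of an unsolicited SYN small.
    """
    peer_set = build_peer_set(peers)
    accepted, dropped = [], Counter()
    for src, dport in syns:
        if dport != BGP_PORT:
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            dropped["<malformed>"] += 1
            continue
        if addr in peer_set:
            accepted.append(str(addr))
        else:
            dropped[str(addr)] += 1
    return accepted, dropped

if __name__ == "__main__":
    ok, bad = filter_bgp_syns(SAMPLE_SYNS, CONFIGURED_PEERS)
    print("accepted:", ok)
    print("dropped by source:", bad.most_common())
```

The filter trusts the source address, so it bounds the work done per unsolicited SYN but does not authenticate the peer.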