[AusNOG] Interesting - How a Router's Missed Range Check Nearly Crashed the Internet

Mon Feb 23 10:47:10 EST 2009

What's interesting to me is that large vendors such as Cisco (USA), A-L
(France) and Huawei (China) have the opportunity to put all sorts of
bug/features into the code of their platforms.

If routers were a bit smarter there would be some interesting possibilities
for electronic warfare and information disruption. A new novel for Neal
Stephenson?

Best regards,

Ben O'Loghlin

Managing Director, CTO

Tenfold Network Solutions Pty Ltd

+61 (0) 402 474 171

ben at tenfold.com.au

www.tenfold.com.au

40 Little Charles St,

Fitzroy VIC 3065

Australia

+61 (0) 3 9486 0739

[This communication (including any attachments) is intended solely for the
recipient(s) named above and may contain information that is confidential,
privileged or legally protected. Any unauthorized use or dissemination of
this communication is strictly prohibited. If you have received this
communication in error, please immediately notify the sender by return
e-mail message and delete all copies of the original communication. Thank
you for your cooperation.]

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Skeeve Stevens
Sent: Monday, 23 February 2009 4:00 AM
To: ausnog at lists.ausnog.net; NZNOG at list.waikato.ac.nz
Subject: [AusNOG] Interesting - How a Router's Missed Range Check Nearly
Crashed the Internet

>From the front page of Slashdot:

Barlaam writes "A bug by router vendor A (omitting a range check from a
critical field in the configuration interface) tickled a bug from router
vendor B (dropping BGP sessions when processing some ASPATH attributes with
length very close to 256), causing a ripple effect that caused widespread
global routing instability last week. The flaw lay dormant until one of
vendor A's systems was deployed in an autonomous system whose ASN, modulo
256, was greater than 250. At that point, the Internet was one typo away
from disaster. Other router vendors, who were not affected by the bug,
happily propagated the trigger message to every vulnerable system on the
planet in about 30 seconds. Few people appreciate how fragile and unsecured
the Internet's trust-based critical infrastructure really is - this is just
the latest example." Vendor A, in this case, is a Latvian router vendor
called MikroTik.

Is this just the 4byte ASN thing from months ago or something new?

I knew there was a reason I hated Mikrotik's so much.

--

Skeeve Stevens, CEO/Technical Director

eintellego Pty Ltd - The Networking Specialists

skeeve at eintellego.net / www.eintellego.net

Phone: 1300 753 383, Fax: (+612) 8572 9954

Cell +61 (0)414 753 383 / skype://skeeve

--

NOC, NOC, who's there?

Disclaimer: Limits of Liability and Disclaimer: This message is for the
named person's use only. It may contain sensitive and private proprietary or
legally privileged information. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message if you are not
the intended recipient. eintellego Pty Ltd and each legal entity in the
Tefilah Pty Ltd group of companies reserve the right to monitor all e-mail
communications through its networks.  Any views expressed in this message
are those of the individual sender, except where the message states
otherwise and the sender is authorised to state them to be the views of any
such entity. Any reference to costs, fee quotations, contractual
transactions and variations to contract terms is subject to separate
confirmation in writing signed by an authorised representative of
eintellego. Whilst all efforts are made to safeguard inbound and outbound
e-mails, we cannot guarantee that attachments are virus-free or compatible
with your systems and do not accept any liability in respect of viruses or
computer problems experienced.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20090223/444e50e7/attachment.html>