[AusNOG] Interesting - How a Router's Missed Range Check Nearly Crashed the Internet

Mark McKibbin mark at team.dcsi.net.au
Tue Feb 24 12:45:01 EST 2009 

Sorry folks, didn't realise it would offend. I shouldn't have lumped the
owner of Mitrotik with George Bush that was rather mean of me.

Mark McKibbin
DCS Internet


-----Original Message-----
From: Mark Smith [mailto:marksmith at adam.com.au] 
Sent: Tuesday, 24 February 2009 11:10 AM
To: Mark McKibbin
Cc: ausnog at lists.ausnog.net; NZNOG at list.waikato.ac.nz
Subject: Re: [AusNOG] Interesting - How a Router's Missed Range Check
Nearly Crashed the Internet

Mark McKibbin wrote:
> Mikrotik may be Latvian but the owner is a Texan (just like George 
> Bush).....explains everything.
> 
>  

This is all pretty xenophobic guys. I'd thought people on this list 
would be smarter than that. Imperfection is a human trait, not one 
attributable to a country or race.

> 
> Mark McKibbin
> 
> DCS Internet
> 
> P Please consider the trees that will die if you choose to print this
email
> 
>  
> 
> *From:* ausnog-bounces at lists.ausnog.net 
> [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Skeeve Stevens
> *Sent:* Monday, 23 February 2009 4:00 AM
> *To:* ausnog at lists.ausnog.net; NZNOG at list.waikato.ac.nz
> *Subject:* [AusNOG] Interesting - How a Router's Missed Range Check 
> Nearly Crashed the Internet
> 
>  
> 
>  From the front page of Slashdot:
> 
>  
> 
>  
> 
> Barlaam writes "A bug by router vendor A (omitting a range check from
a 
> critical field in the configuration interface) tickled a bug from
router 
> vendor B (dropping BGP sessions when processing some ASPATH attributes

> with length very close to 256), causing a ripple effect that caused 
> widespread global routing instability last week. The flaw lay dormant 
> until one of vendor A's systems was deployed in an autonomous system 
> whose ASN, modulo 256, was greater than 250. At that point, the
Internet 
> was one typo away from disaster. Other router vendors, who were not 
> affected by the bug, happily propagated the trigger message to every 
> vulnerable system on the planet in about 30 seconds. Few people 
> appreciate how fragile and unsecured the Internet's trust-based
critical 
> infrastructure really is - this is just the latest example." Vendor A,

> in this case, is a Latvian router vendor called MikroTik.
> 
>  
> 
>  
> 
> Is this just the 4byte ASN thing from months ago or something new?
> 
>  
> 
> I knew there was a reason I hated Mikrotik's so much.
> 
>  
> 
> --
> 
> Skeeve Stevens, CEO/Technical Director
> 
> eintellego Pty Ltd - The Networking Specialists
> 
> skeeve at eintellego.net / www.eintellego.net <http://www.eintellego.net>
> 
> Phone: 1300 753 383, Fax: (+612) 8572 9954
> 
> Cell +61 (0)414 753 383 / skype://skeeve
> 
> --
> 
> NOC, NOC, who's there?
> 
>  
> 
> Disclaimer: Limits of Liability and Disclaimer: This message is for
the 
> named person's use only. It may contain sensitive and private 
> proprietary or legally privileged information. You must not, directly
or 
> indirectly, use, disclose, distribute, print, or copy any part of this

> message if you are not the intended recipient. eintellego Pty Ltd and 
> each legal entity in the Tefilah Pty Ltd group of companies reserve
the 
> right to monitor all e-mail communications through its networks.  Any 
> views expressed in this message are those of the individual sender, 
> except where the message states otherwise and the sender is authorised

> to state them to be the views of any such entity. Any reference to 
> costs, fee quotations, contractual transactions and variations to 
> contract terms is subject to separate confirmation in writing signed
by 
> an authorised representative of eintellego. Whilst all efforts are
made 
> to safeguard inbound and outbound e-mails, we cannot guarantee that 
> attachments are virus-free or compatible with your systems and do not 
> accept any liability in respect of viruses or computer problems
experienced.
> 
>  
> 
>  
> 
>  
> 
> 
>
------------------------------------------------------------------------
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list