18 Sep
2023
18 Sep
'23
2:10 p.m.
On Mon, Sep 18, 2023 at 09:41:32AM -0400, Michael Lambert wrote:
As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that uses specially crafted Path Attributes in a BGP UPDATE message to disrupt peering sessions. I don’t recall seeing any discussions of this attack on this list. Is BIRD susceptible?
Hi AFAIK it is not. See 'Unimpacted Vendors' in: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."