Path Attribute Attack
As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that uses specially crafted Path Attributes in a BGP UPDATE message to disrupt peering sessions. I don’t recall seeing any discussions of this attack on this list. Is BIRD susceptible?

Thanks,
Michael

On Mon, Sep 18, 2023 at 09:41:32AM -0400, Michael Lambert wrote:
> As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that uses specially crafted Path Attributes in a BGP UPDATE message to disrupt peering sessions. I don’t recall seeing any discussions of this attack on this list. Is BIRD susceptible?

Hi

AFAIK it is not. See 'Unimpacted Vendors' in:

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Hello!

Can't open that link for whatever reason, anyway the last problem with sending an invalid path attribute in BGP, killing some sessions repeatedly, didn't affect BIRD at all.

Anyway, BIRD transferred this attribute (as unknown transitional) through the whole Internet, so we are now working on adding a possibility to delete (or also set) any BGP attribute, even unknown.

Hope that helps.
Maria

On 18 September 2023 15:41:32 CEST, Michael Lambert <lambert@andrew.cmu.edu> wrote:
> As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that uses specially crafted Path Attributes in a BGP UPDATE message to disrupt peering sessions. I don’t recall seeing any discussions of this attack on this list. Is BIRD susceptible?
>
> Thanks,
> Michael

--
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.

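The forwarding behaviour mentioned in the message above follows from the flag octet of each path attribute (RFC 4271). The following is an added example, not part of the thread and not BIRD code: it walks the attributes of an UPDATE, bounds-checks each length, and reports what a speaker that knows only the types in `KNOWN` would do with each one. `KNOWN`, `SAMPLE` and type code 255 are constructed for illustration.

```python
import struct

# Attribute flag bits, RFC 4271 section 4.3
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
# Type codes this hypothetical speaker understands (assumption for the example)
KNOWN = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP"}

def walk_attributes(buf):
    """Parse the Path Attributes field; return (attrs, error_or_None)."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 3:
            return attrs, "truncated attribute header"
        flags, code = buf[off], buf[off + 1]
        if flags & EXT_LEN:                      # two-octet length
            if len(buf) - off < 4:
                return attrs, "truncated extended length"
            (length,) = struct.unpack_from("!H", buf, off + 2)
            hdr = 4
        else:                                    # one-octet length
            length, hdr = buf[off + 2], 3
        if off + hdr + length > len(buf):
            return attrs, f"attribute {code} length overruns buffer"
        attrs.append((flags, code, buf[off + hdr: off + hdr + length]))
        off += hdr + length
    return attrs, None

def classify(flags, code):
    """What RFC 4271 section 5 requires for this attribute."""
    if code in KNOWN:
        return "known"
    if not flags & OPTIONAL:
        return "unrecognized well-known: error"
    if flags & TRANSITIVE:
        return "unknown transitive: forwarded with Partial bit"
    return "unknown non-transitive: dropped quietly"

# Constructed sample: ORIGIN, AS_PATH (AS 64512), NEXT_HOP 192.0.2.1,
# then an optional transitive attribute of type 255 with a 2-byte value.
SAMPLE = bytes.fromhex(
    "40010100" "400206020100 00fc00".replace(" ", "")
    + "400304c0000201" "c0ff020000")

if __name__ == "__main__":
    parsed, err = walk_attributes(SAMPLE)
    for flags, code, value in parsed:
        print(code, value.hex(), classify(flags, code))
    print("error:", err)
```
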
Hoi,

The researcher published an article which claimed bird and bird2 are immune to the attack described.

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

Pim

On Mon, 18 Sep 2023 at 15:52, Michael Lambert <lambert@andrew.cmu.edu> wrote:
> As outlined in https://kb.cert.org/vuls/id/347067, there is an attack that uses specially crafted Path Attributes in a BGP UPDATE message to disrupt peering sessions. I don’t recall seeing any discussions of this attack on this list. Is BIRD susceptible?
>
> Thanks,
> Michael

participants (4)
- Maria Matejka
- Michael Lambert
- Ondrej Zajicek
- Pim van Pelt