Re: [Idr] proposed additional text

[Curtis Villamizar <curtis at fictitious.org>]

In message <3E2E55C2-A83E-11D8-A4BD-000A95D1475E@tony.li>, Tony Li writes:
> 
> On May 17, 2004, at 12:02 PM, Curtis Villamizar wrote:
> 
> > Like I said this "attack" is a real stretch of the imagination.
> >
> 
> True, but you have to acknowledge that it is possible.  On that basis
> I recommend that we leave the text as is.
> 
> Tony


OK.  If BGP cycles every 8 days and if UPDATE packet size are
distributed over a set of 500 values (for argument sake), then one out
of every 500 cycles on average you'd get the front of the packet to
align.  That's once every 4,000 days, or about 11 years.  Then the
packet size would have to be the same so you have to consider
statistically how often UPDATE packets are the same size (I think we
can agree that spoofing a keepalive is harmless).

So once every few hundred years someone could replay a valid UPDATE
packet and someone out there would be wondering how it is that they
can get to 140.222/16 and a bunch of other places that don't exist and
routes to some places that do exist might be going the wrong way.

That is if no one has changed the MD5 key in that amount of time.
And of course no one will notice that someone is sniffing packets all
this time.

Do we really need to document this as a "threat"?  If so, we should
look more carefully at BGP UPDATE packet size stats and get a more
accurate idea of what the threat is.

And since we know that BGP routing is so incredibly accurate it would
be disasterous if we discovered a BGP session had to be reset every 10
years or 100 years because routes weren't right...  :-)

Of course, since it takes a week or more to cycle through the sequence
numbers changing the MD5 key every couple of days would completely
eliminate the replay threat if anyone thought this threat was real.

Curtis

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www1.ietf.org/mailman/listinfo/idr