draft-ietf-ptomaine-nopeer-00.txt
- To: iesg <iesg@ietf.org>
- Subject: draft-ietf-ptomaine-nopeer-00.txt
- From: Randy Bush <randy@psg.com>
- Date: Sun, 16 Feb 2003 22:25:41 -0800
author agrees to go for info as there is not wide documented deployment
author will revise sec cons per ops-dir discussion
revised version should be in i-d dir for thurs agenda. if not, new
sec cons is as appended.
randy
---
Security Considerations
"BGP is an instance of a relaying protocol, where route information
is received, processed and forwarded. BGP contains no specific
mechanisms to prevent the unauthorized modification of the
information by a forwarding agent, allowing routing information to be
modified, deleted or false information to be inserted without
the knowledge of the originator of the routing information or
any of the recipients.

This proposed NOPEER community does not alter this overall situation
concerning the integrity of BGP as a routing system.

This proposal has the capability to introduce additional attack
mechanisms into BGP by allowing the potential for denial of service
attacks for an address prefix range being launched by a remote AS.

Unauthorized addition of this community to a route prefix by a transit
provider where there is no covering aggregate route prefix may cause a
denial of service attack based on denial of reachability to the
prefix. Even in the case that there is a covering aggregate, if the
more specific route has a different origin AS than the aggregate, the
addition of this community by a transit AS may cause a denial of
service attack on the origin AS of the more specific prefix.

BGP is already vulnerable to a denial of service attack based on the
injection of false routing information. It is possible to use this
community to limit the redistribution of a false route entry such that
its visibility can be limited and detection and rectification of the
problem can be more difficult under the circumstances of limited
redistribution.
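
---
Added example, not part of the original message or of the draft: a Python audit that sorts NOPEER-tagged routes in a route table into the exposure cases the Security Considerations text describes. The route tuples, the "NOPEER" string tag, the category names, and the rule that a covering route must itself be untagged are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample table (documentation prefixes, private-use ASNs):
# (prefix, origin AS, set of community tags). Not data from the message.
SAMPLE_ROUTES = [
    ("192.0.2.0/24", 64500, {"NOPEER"}),      # no covering aggregate at all
    ("198.51.100.0/25", 64501, {"NOPEER"}),   # covered, but by another origin AS
    ("198.51.100.0/24", 64502, set()),
    ("203.0.113.0/25", 64503, {"NOPEER"}),    # covered by the same origin AS
    ("203.0.113.0/24", 64503, set()),
]


def nopeer_exposure(routes):
    """Map each NOPEER-tagged prefix to the exposure case from the text.

    Assumption: only a less specific route that is NOT itself tagged
    NOPEER counts as a covering aggregate, since a tagged aggregate is
    subject to the same limited redistribution.
    """
    parsed = [(ipaddress.ip_network(p), asn, set(c)) for p, asn, c in routes]
    findings = {}
    for net, origin, comms in parsed:
        if "NOPEER" not in comms:
            continue
        # Origin ASes of untagged, strictly less specific covering routes.
        cover_origins = {
            a for n, a, c in parsed
            if "NOPEER" not in c
            and n.version == net.version
            and n.prefixlen < net.prefixlen
            and net.subnet_of(n)
        }
        if not cover_origins:
            # Tagging removes reachability wherever the route is not passed on.
            findings[str(net)] = "no-covering-aggregate"
        elif origin not in cover_origins:
            # Traffic follows the aggregate toward a different origin AS.
            findings[str(net)] = "covered-different-origin"
        else:
            findings[str(net)] = "covered-same-origin"
    return findings


if __name__ == "__main__":
    for prefix, case in nopeer_exposure(SAMPLE_ROUTES).items():
        print(f"{prefix:20} {case}")
```

The first two categories are the cases where the text says the addition of the community by a transit AS may cause a denial of service, so those are the tagged routes worth confirming with the origin AS.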