From the front page of Slashdot:
Barlaam writes "A bug by router vendor A (omitting a range check from a critical
field in the configuration interface) tickled a bug from router vendor B (dropping BGP
sessions when processing some ASPATH attributes with length very close to 256), causing a
ripple effect that caused widespread global routing instability last week. The flaw lay
dormant until one of vendor A's systems was deployed in an autonomous system whose
ASN, modulo 256, was greater than 250. At that point, the Internet was one typo away from
disaster. Other router vendors, who were not affected by the bug, happily propagated the
trigger message to every vulnerable system on the planet in about 30 seconds. Few people
appreciate how fragile and unsecured the Internet's trust-based critical
infrastructure really is - this is just the latest example." Vendor A, in this case,
is a Latvian router vendor called MikroTik.
Is this just the 4-byte ASN thing from months ago or something new?
I knew there was a reason I hated MikroTiks so much.
Skeeve Stevens, CEO/Technical Director
eintellego Pty Ltd - The Networking Specialists
skeeve(a)eintellego.net / www.eintellego.net
Phone: 1300 753 383, Fax: (+612) 8572 9954
Cell +61 (0)414 753 383 / skype://skeeve
NOC, NOC, who's there?
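
The quoted summary turns on how a receiver handles an AS_PATH whose length is close to 256. As an added example (not part of the original post and not any vendor's code), this is a receive-side check that decodes the attribute as RFC 4271 lays it out, turns malformed or overlong paths into per-route verdicts, and enforces a maximum path length. The limit of 50, the function names and the sample paths are assumptions constructed for illustration.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2
MAX_AS_PATH_LEN = 50   # assumed local policy limit; not a value from the post

def parse_as_path(value, asn_size=2):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    fmt = {2: "H", 4: "I"}[asn_size]
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]   # count is one octet: max 255
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        off += 2
        end = off + count * asn_size
        if end > len(value):
            raise ValueError("segment overruns attribute")
        segments.append((seg_type, list(struct.unpack(f"!{count}{fmt}", value[off:end]))))
        off = end
    return segments

def path_length(segments):
    """AS_SEQUENCE counts every AS; an AS_SET counts as one hop (RFC 4271)."""
    return sum(len(asns) if t == AS_SEQUENCE else 1 for t, asns in segments)

def check_as_path(value, asn_size=2, limit=MAX_AS_PATH_LEN):
    """Per-route verdict: parse errors and long paths become results, not exceptions."""
    try:
        n = path_length(parse_as_path(value, asn_size))
    except ValueError as exc:
        return ("reject-malformed", str(exc))
    return ("reject-too-long", n) if n > limit else ("accept", n)

def build_as_path(asns, asn_size=2):
    """Encoder for the constructed samples; splits at 255 ASNs per segment."""
    fmt, out = {2: "H", 4: "I"}[asn_size], b""
    for i in range(0, len(asns), 255):
        chunk = asns[i:i + 255]
        out += bytes([AS_SEQUENCE, len(chunk)]) + struct.pack(f"!{len(chunk)}{fmt}", *chunk)
    return out

# Constructed samples using documentation ASNs (RFC 5398), not captured traffic.
NORMAL = build_as_path([64500, 64501, 64502])
PREPENDED = build_as_path([64508] * 252 + [64501])   # 253 hops, one segment

if __name__ == "__main__":
    for name, attr in [("normal", NORMAL), ("prepended", PREPENDED),
                       ("truncated", PREPENDED[:-1])]:
        print(name, check_as_path(attr))
```

Rejecting the single route on a bad or oversized path, instead of tearing down the session, keeps one UPDATE from taking every other prefix learned from that peer with it.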