Juniper PSN-2010-01-626 (AS4 Again!)

I’ve had a couple of mails relating to this PSN, which again references the research that Andy Davidson, Jonathan Oddy and I did last year. It seems that some of the sources of the initial mailing list posts we made are gone (particularly the one that is referenced from both Juniper’s site and most other places). For that reason, I’ve included both the mails that we sent to NANOG/C-NSP/J-NSP last year here.

32-bit AS numbers introduce a new BGP flaw.

Last Friday, Andy Davidson, Jonathan Oddy, and I pushed out some research that has some quite worrying repercussions. Whilst I’ve heard from a lot of people privately about this matter, there’s a big flaw here, and as Andy posted on his blog (which is much more informative than mine, I think!), this is a big problem. The reason, I think, that we’re getting limited public discussion of this exploit (I hesitate to call it an exploit; it’s a flaw really, because the problem actually exists as a result of the RFC) is that the implementations of 4-byte AS support that are already out there are generally not standards-compliant.