Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denialof Service Attack

[Paul Jakma]

On Mon, 13 Sep 2004, Paul Jakma wrote:

> I think he means that BGP treating TCP connections as if they could 
> reliably and securely indicate link/path status (ie connection 
> reset/timeout == link down) status was, in retrospect, a very dumb 
> idea on the part of BGP.

More specifically, BGP should have treated TCP resets as a transient 
error, to be expected (indeed, they /cant/ be a sign that a link is 
down - if you can receive a RST the link or path is patently quite 
ok). The BGP state machine should instead, in normal operation, have 
only treated Hold time expired as the definitive sign of "peer is 
down" and allowed reconnects.

> regards,

regards,
--
Paul Jakma	paul@xxxxxxxx	paul@xxxxxxxxx	Key ID: 64A2FF6A
Fortune:
You will attract cultured and artistic people to your home.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/