On Wed, Aug 08, 2007 at 03:20:56PM -0700,
william(at)elan.net <[EMAIL PROTECTED]> wrote
a message of 23 lines which said:
> How is that an "anti DoS" technique when you actually need to return
> an answer via UDP in order to force next request via TCP?
Because there is no amplification: the U
I asked this question to a couple of folks:
"at the current churn rate/ration, at what size doe the FIB need to
be before it will not converge?"
and got these answers:
- jabber log -
a fine question, has been asked many times, and afaik noone has
provided any
the fib in a heavily peered dfz router does not often converge now. the
question is when will the router not be able to process the volume of
churn, i.e. fall behind further and further? as there is non-trivial
headroom in the algorithms, moore's law on the processors, etc. etc.,
your message is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you're using NHRP and haven't patched, it might be a good
idea to do so real soon now.
A proof of concept exploit is now avialable which can crash a router
configured with NHRP authentication enabled:
http://www.milw0rm.com/exploits/4272
Cisco
On Thu, 9 Aug 2007, Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you're using NHRP and haven't patched, it might be a good
idea to do so real soon now.
A proof of concept exploit is now avialable which can crash a router
configured with NHRP authentication enabled:
h
On Aug 9, 2007, at 12:21 PM, [EMAIL PROTECTED] wrote:
so putting a stake in the ground, BGP will stop working @ around
2,500,000 routes - can't converge... regardless of IPv4 or IPv6.
unless the CPU's change or the convergence algorithm changes.
That is a pretty big
Yes a very big unless. Multi-core processors are already available that
would make very large BGP convergence possible. Change the algorithm as
well and perhaps add some multi-threading to it and it's even better.
--
Leigh Porter
Patrick Giagnocavo wrote:
On Aug 9, 2007, at 12:21 PM, [
On Aug 9, 2007, at 12:09 PM, Leigh Porter wrote:
Yes a very big unless. Multi-core processors are already available
that would make very large BGP convergence possible. Change the
algorithm as well and perhaps add some multi-threading to it and
it's even better.
Anyone have a decent
On Thu, Aug 09, 2007 at 07:24:58AM -1000, Randy Bush wrote:
>
> the fib in a heavily peered dfz router does not often converge now.
never? or over some predefined period of time?
> the
> question is when will the router not be able to process the volume of
> churn, i.e. fall behind f
On Aug 9, 2007, at 3:47 PM, Tony Li wrote:
On Aug 9, 2007, at 12:09 PM, Leigh Porter wrote:
Yes a very big unless. Multi-core processors are already available
that would make very large BGP convergence possible. Change the
algorithm as well and perhaps add some multi-threading to it a
On Thu, Aug 09, 2007 at 08:09:54PM +0100, Leigh Porter wrote:
>
>
> Yes a very big unless. Multi-core processors are already available that
> would make very large BGP convergence possible. Change the algorithm as
> well and perhaps add some multi-threading to it and it's even better.
On Thu, 9 Aug 2007, Steve Atkins wrote:
On Aug 9, 2007, at 12:09 PM, Leigh Porter wrote:
Yes a very big unless. Multi-core processors are already available that
would make very large BGP convergence possible. Change the algorithm as
well and perhaps add some multi-threading to it and it
>> the fib in a heavily peered dfz router does not often converge now.
> never? or over some predefined period of time?
not often
>> as there is non-trivial headroom in the algorithms,
> the BGP algorithm does not change (BGP-5, BGP-6 etc anyone)
algorithm != protocol
randy
On Wed, 8 Aug 2007, David Conrad wrote:
How many bytes of shell code can you stuff in a 512 byte DNS UDP packet?
How many bytes of shell code can you stuff into a 4096 byte EDNS0 UDP
packet? :)
P.S. I still think blocking TCP/53 is stupid.
Agreed.
--
If you're never wrong, you
I can add one more voice to the chorus, not that it will necessarily
change anyone's mind. :)
When I was at Yahoo! the question of whether to keep TCP open or not had
already been settled, since they had found that if they didn't have it
open there was some small percentage of users who coul
> I asked this question to a couple of folks:
>
> "at the current churn rate/ration, at what size doe the FIB need to
> be before it will not converge?"
>
> and got these answers:
>
> - jabber log -
> a fine question, has been asked many times, and afaik noone h
Lincoln Dale wrote:
>> I asked this question to a couple of folks:
>>
>> "at the current churn rate/ration, at what size doe the FIB need to
>> be before it will not converge?"
>>
>> and got these answers:
>>
>> - jabber log -
>> a fine question, has been asked many
On 8/9/07, Randy Bush <[EMAIL PROTECTED]> wrote:
>
> the fib in a heavily peered dfz router does not often converge now. the
> question is when will the router not be able to process the volume of
> churn, i.e. fall behind further and further? as there is non-trivial
> headroom in the algorithms,
18 matches
Mail list logo
