Re: TCP vs BGP attacks

From: Jeff Burdges
Subject: Re: TCP vs BGP attacks
Date: Tue, 9 Feb 2021 15:05:49 +0100

> On 9 Feb 2021, at 14:49, Schanzenbach, Martin <> wrote:
> What do you mean by attack? An isolated AS? A brief hiccup?

A malicious AS publishes a BGP route that sends a specific target's traffic to 
itself, so that it can drop all traffic to and/or from the target.  The 
malicious AS is not concerned about collateral damage and only needs to 
maintain the attack for several minutes. 

> If the endpoints are no longer connected (e.g. an AS is cut off), then it 
> does not really matter which
> protocol you use, the communication will be disrupted. The application will 
> have to handle that.
> For TCP, if the disruption is temporary it may be able to recover, as TJM 
> said.
> A general "does not overly disrupt TCP connections" seems wrong to me though.

Right okay this is what I would expect. 

> I do not see how an issue with BGP would be different from, say, an ARP 
> spoofing attack.
> Both attacks target the network layer, not the transport.

Right okay

My question was specifically about *open* TCP connections.  I’d assume the 
major routers are fairly stateless, so there should be no difference between 
TCP and UDP.  I interpreted someone’s statements as claiming there was enough 
state there that each TCP connection's packets would continue using the route 
they found.  This seemed ridiculous. 
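
A simplified model of destination-based, per-packet forwarding, added here as an illustration and not part of the original message. The `Fib` class, the AS labels, and the RFC 5737 documentation addresses are constructed for the example; it shows that a lookup which never consults protocol or connection state moves an already-open TCP flow and a UDP flow together when the route changes.

```python
import ipaddress


class Fib:
    """Toy forwarding table (hypothetical): longest-prefix match, no flow state."""

    def __init__(self):
        self.routes = {}  # ip_network -> next-hop label

    def install(self, prefix, next_hop):
        # Installing a route for an existing prefix replaces the old next hop,
        # as happens when the best path for that prefix changes.
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return self.routes[best]


def forward(fib, packet):
    # Only the destination address is used. Protocol, ports and TCP flags
    # are carried in the packet but never read by the forwarding decision.
    return fib.lookup(packet["dst"])


def simulate():
    fib = Fib()
    fib.install("0.0.0.0/0", "AS-default")       # constructed labels
    fib.install("203.0.113.0/24", "AS-original")

    # Constructed packets: one from an established TCP connection, one UDP.
    tcp = {"proto": "tcp", "src": "198.51.100.7", "sport": 50000,
           "dst": "203.0.113.10", "dport": 443, "flags": "ACK"}
    udp = {"proto": "udp", "src": "198.51.100.7", "sport": 50001,
           "dst": "203.0.113.10", "dport": 53}

    before = (forward(fib, tcp), forward(fib, udp))
    # The route for the target's prefix changes while the TCP flow is open.
    fib.install("203.0.113.0/24", "AS-new-path")
    after = (forward(fib, tcp), forward(fib, udp))
    return before, after


if __name__ == "__main__":
    print(simulate())
```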

