Re: TCP vs BGP attacks

From: Schanzenbach, Martin
Subject: Re: TCP vs BGP attacks
Date: Tue, 9 Feb 2021 15:24:33 +0100

> On 9. Feb 2021, at 15:05, Jeff Burdges <> wrote:
>> On 9 Feb 2021, at 14:49, Schanzenbach, Martin <> wrote:
>> What do you mean by attack? An isolated AS? A brief hiccup?
> A malicious AS publishes a BGP route that sends a specific target's traffic to 
> itself, so that it can drop all traffic to and/or from the target.  The 
> malicious AS is not concerned about collateral damage and only needs to 
> maintain the attack for several minutes.
>> If the endpoints are no longer connected (e.g. an AS is cut off), then it 
>> does not really matter which
>> protocol you use, the communication will be disrupted. The application will 
>> have to handle that.
>> For TCP, if the disruption is temporary it may be able to recover, as TJM 
>> said.
>> A general "does not overly disrupt TCP connections" seems wrong to me though.
> Right okay this is what I would expect.
>> I do not see how an issue with BGP would be different from, say, an ARP 
>> spoofing attack.
>> Both attacks target the network layer, not the transport.
> Right okay
> My question was specifically about *open* TCP connections.  I’d assume the 
> major routers are fairly stateless, so there should be no difference between 
> TCP and UDP.  I interpreted someone’s statements as claiming there was enough 
> state there that each TCP connection’s packets would continue using the route 
> they found.  This seemed ridiculous.

I actually thought that the state cache of established connections is what you 
were implying.
While this may actually be true for "normal" routers within the AS, the BGP 
routers should not cache an "old" route when a new route is published by 
another AS for old connections.
I do not _believe_ the TCP connection will "magically" be routed through the 
"old" AS when it reaches the edge, but only somebody with actual BGP admin 
experience would know for sure I guess. In general, I would assume a BGP router 
does not care much about TCP.


> Jeff

Attachment: signature.asc
Description: Message signed with OpenPGP
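
The stateless forwarding model discussed in this thread, as an added example that is not part of the original message: each packet is forwarded by a longest-prefix-match lookup on its destination address alone, so a route change applies to the next packet of an already open TCP connection exactly as it does to a UDP datagram. It assumes a purely destination-based forwarding table with no flow cache; the prefixes, addresses and AS labels are constructed documentation values.

```python
import ipaddress

class Fib:
    """Destination-based forwarding table: longest-prefix match, no per-flow state."""

    def __init__(self):
        self.routes = {}  # ip_network -> next hop label

    def install(self, prefix, next_hop):
        # Installing a route for an existing prefix replaces the old next hop.
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, packet):
        # Only the destination address is consulted; protocol, ports and TCP
        # flags are never read, so an open connection gets no special treatment.
        dst = ipaddress.ip_address(packet["dst"])
        matches = [net for net in self.routes if dst in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]

def forward(fib, packets, route_changes):
    """Forward packets in order; route_changes maps a packet index to a
    (prefix, next_hop) update applied just before that packet is forwarded."""
    hops = []
    for i, pkt in enumerate(packets):
        if i in route_changes:
            fib.install(*route_changes[i])
        hops.append((pkt["proto"], pkt["info"], fib.lookup(pkt)))
    return hops

def demo():
    fib = Fib()
    fib.install("0.0.0.0/0", "upstream")
    fib.install("203.0.113.0/24", "AS64500")  # constructed: original route
    tcp = {"proto": "tcp", "src": "198.51.100.7", "sport": 40000,
           "dst": "203.0.113.10", "dport": 443}
    udp = {"proto": "udp", "src": "198.51.100.7", "sport": 40001,
           "dst": "203.0.113.10", "dport": 53}
    packets = [dict(tcp, info="SYN"), dict(tcp, info="ACK"), dict(udp, info="dgram1"),
               dict(tcp, info="PSH"), dict(udp, info="dgram2"), dict(tcp, info="FIN")]
    # Constructed event: a new route for the same prefix is selected before packet 3.
    return forward(fib, packets, {3: ("203.0.113.0/24", "AS64511")})

if __name__ == "__main__":
    for proto, info, hop in demo():
        print(f"{proto:3} {info:6} -> {hop}")
```

Routers that keep a flow or route cache would need that cache modelled separately; this table has none.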
