[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TCP vs BGP attacks
|
From: |
Jeff Burdges |
|
Subject: |
Re: TCP vs BGP attacks |
|
Date: |
Tue, 9 Feb 2021 15:05:49 +0100 |
> On 9 Feb 2021, at 14:49, Schanzenbach, Martin <mschanzenbach@posteo.de> wrote:
> What do you mean by attack? An isolated AS? A brief hickup?
A malicious AS publishes a BGP route that send a specific targets' traffic to
itself, so that it can drop all traffic to and/or from the target. The
malicious AS is not concerned about collateral damage and only needs to
maintain the attack for a several minutes.
> If the endpoints are no longer connected (e.g. an AS is cut off), then it
> does not really matter which
> protocol you use, the communication will be disrupted. The application will
> have to handle that.
> For TCP, if the disruption is temporary it may be able to recover, as TJM
> said.
> A general "does not overly disrupt TCP connections" seems wrong to me though.
Right okay this is what I would expect.
> I do not see how an issue with BGP would be different from, say, an ARP
> spoofing attack.
> Both attacks target the network layer, not the transport.
Right okay
My question was specifically about *open* TCP connections. I’d assume the
major routers are fairly stateless, so there should be no difference between
TCP and UDP. I interpreted someone’s statements as claiming there was enough
state there that each TCP connections’ packets would continue using the route
they found. This seemed ridiculous.
Jeff