01-13-2013 04:22 AM - edited 03-09-2019 11:58 PM
I think it is possible for someone to craft a BGP packet and try 100K session on ISP's all internet facing router at a sametime to bring down his Internet service (internet routers)?
If yes how can I prevent or metigate it?
Regards,
Mukesh
01-13-2013 04:39 AM
You can implement a couple of features to protect your router. TTL-Security-Check is one of them that could work in your environment:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html
And Team Cymru has some templates to secure the routers:
http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html
-- Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community