Slashdot Mirror


How a Router's Missed Range Check Nearly Crashed the Internet

Barlaam writes "A bug by router vendor A (omitting a range check from a critical field in the configuration interface) tickled a bug from router vendor B (dropping BGP sessions when processing some ASPATH attributes with length very close to 256), causing a ripple effect that caused widespread global routing instability last week. The flaw lay dormant until one of vendor A's systems was deployed in an autonomous system whose ASN, modulo 256, was greater than 250. At that point, the Internet was one typo away from disaster. Other router vendors, who were not affected by the bug, happily propagated the trigger message to every vulnerable system on the planet in about 30 seconds. Few people appreciate how fragile and unsecured the Internet's trust-based critical infrastructure really is — this is just the latest example." Vendor A, in this case, is a Latvian router vendor called MikroTik.
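The failure mode in the summary, as an added example (not code from the original post or from either vendor): a configuration field narrowed to one byte without a range check wraps modulo 256, next to a parser that rejects the value. It assumes the field is an AS-path prepend count; the ASN 64508 (documentation range), both limits and all function names are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_PREPEND      16  /* assumed local policy limit, not from the page */
#define MAX_INBOUND_PATH 64  /* assumed inbound AS-path length limit */

/* No range check: the parsed value is narrowed to a byte, so an ASN typed
 * into the count field silently becomes (ASN mod 256). */
static uint8_t parse_count_unchecked(const char *s) {
    return (uint8_t)strtoul(s, NULL, 10);
}

/* Range-checked: returns 0 and stores the count, or -1 if the input is not
 * a plain decimal number within [1, MAX_PREPEND]. */
static int parse_count_checked(const char *s, uint8_t *out) {
    char *end;
    unsigned long v;

    if (s[0] < '0' || s[0] > '9')          /* no sign, whitespace or empty */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0')        /* overflow or trailing junk */
        return -1;
    if (v < 1 || v > MAX_PREPEND)          /* the check that was omitted */
        return -1;
    *out = (uint8_t)v;
    return 0;
}

/* Receiving side: treat an over-long path as a route to discard by policy,
 * a decision about one route rather than about the whole session. */
static int path_len_acceptable(size_t hops) {
    return hops <= MAX_INBOUND_PATH;
}

int main(void) {
    uint8_t n = 0;
    const char *typo = "64508";            /* constructed: ASN typed as count */

    printf("unchecked count: %u\n", parse_count_unchecked(typo));
    printf("checked parse:   %d\n", parse_count_checked(typo, &n));
    printf("252-hop path ok: %d\n", path_len_acceptable(252));
    return 0;
}
```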

20 of 196 comments

  1. No more routers...think of the children by Mrs. Grundy · · Score: 5, Funny

    I'm sure nobody here would argue with me if I suggested that the internet would be a much safer place without routers.

    1. Re:No more routers...think of the children by Anonymous Coward · · Score: 1, Funny

      Whoosh!

    2. Re:No more routers...think of the children by macraig · · Score: 2, Funny

      What's this about a world with no reuters?

    3. Re:No more routers...think of the children by macraig · · Score: 3, Funny

      Think of the starving journalists!

    4. Re:No more routers...think of the children by Ihmhi · · Score: 2, Funny

      Well of course, power tools are dangerous.

    5. Re:No more routers...think of the children by ion.simon.c · · Score: 4, Funny

      Just b/c someone was asleep at the switch and let a bug slip into routers, doesn't mean the internet is better with just switches.

      Duh. PP's not talking about switches. He's talking about *hubs*.

  2. Re:Gee, known Cisco bug causes problems by Shakrai · · Score: 5, Funny

    From long experience most people agree... if it isn't broken, don't fix it.

    Reminds me of an old "offensive" fortune quote: Working computer hardware is a lot like an erect penis. It stays up as long as you don't fuck with it.

    If you have no clue what offensive fortunes are try 'fortune -o'. They are great when you are stoned, drunk or just bored at work. If you don't have fortune installed then you are clearly on the wrong website ;)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  3. FTA by drDugan · · Score: 3, Funny

    "The Internet was back to normal in short order."

    Well, not completely normal, not yet.

  4. Re:Same story, different spin??? by Anonymous Coward · · Score: 0, Funny

    parent here...

    No, I'm the parent!

  5. Fragile Internet by tick-tock-atona · · Score: 5, Funny

    Few people appreciate how fragile and unsecured the Internet's trust-based critical infrastructure really is - this is just the latest example.

    Yeah. Like how everyone is trusted not to google "google".

  6. I love this article's summary. by Korey Kaczor · · Score: 5, Funny

    The next time someone needs you to fix a computer problem and asks what went wrong, simply give them this article's summary as the reason why, replacing "router" and "Internet" with the defective part in question. You're also guaranteed to look a bit sharper, too.

    "A bug by power supply vendor A (omitting a range check from a critical field in the configuration interface) tickled a bug from power supply vendor B (dropping BGP sessions when processing some ASPATH attributes with length very close to 256), causing a ripple effect that caused widespread global routing instability last week. The flaw lay dormant until one of vendor A's systems was deployed in an autonomous system whose ASN, modulo 256, was greater than 250. At that point, the power supply was one typo away from disaster. Other power supply vendors, who were not affected by the bug, happily propagated the trigger message to every vulnerable system on the planet in about 30 seconds. Few people appreciate how fragile and unsecured the power supply's trust-based critical infrastructure really is — this is just the latest example."

  7. Re:Same story, different spin??? by Anonymous Coward · · Score: 1, Funny

    No, I'm Spartac--wait, what?

  8. Movie script? by Mathness · · Score: 2, Funny

    Summary reads like the script for a bad disaster movie.

    --
    Carbon based humanoid in training.
  9. Re:Same story, different spin??? by Jamie's Nightmare · · Score: 3, Funny

    No, it's best to keep him here where he can do less damage. We wouldn't want him to fill an editorial position at Fox News.

    --
    "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
  10. Re:Vendor B by Anonymous Coward · · Score: 1, Funny

    so people who bought their product KNOWM

    WTF does that mean?

  11. Re:Vendor B by Shag · · Score: 5, Funny

    so people who bought their product KNOWM

    WTF does that mean?

    It means some people don't know how to spell GNOME.

    --
    Village idiot in some extremely smart villages.
  12. Re:Vendor B by Anonymous Coward · · Score: 4, Funny

    False. It's really the codename for the top-secret new GNOME/KDE hybrid. If anyone asks you didn't hear it from me.

  13. Just one tyop by yotto · · Score: 2, Funny

    At that point, the Internet was one typo away from disaster.

    I wonder how long that took?

  14. Re:Nearly crashed the Internet? by Paaskonijn · · Score: 4, Funny

    I don't know about it nearly crashing the Internet. How many people actually noticed a difference that day, for that matter?

    Well, sure, nobody noticed... But they all nearly noticed!

  15. Re:Reminds me of a story by Darkk · · Score: 2, Funny

    Bad idea. Generally you want to stick to one vendor that you can trust to support your products, be it Cisco or some other company.

    This way you'll have identical hardware for redundancy. If a bug is found in the firmware you just have to bug the vendor for a fix or threaten them that you're going to stop buying their products and go with a different vendor.