Winstar says there is no TCP/BGP vulnerability
Patrick W.Gilmore
patrick at ianai.net
Wed Apr 21 15:11:57 UTC 2004
On Apr 21, 2004, at 10:38 AM, Jared Mauch wrote:
> On Wed, Apr 21, 2004 at 10:19:10AM -0400, Patrick W.Gilmore wrote:
>>
>>> Yes, it generates more work to update the database,
>>> but OTOH it provides the LIII engineer with a lot more to
>>> troubleshoot
>>> issues. Is it simply not worth the work at your scale?
>>
>> Exactly.
>>
>> And you do not have to be at 701's scale for this to not work.
>
> We've not had these issues and have been using
> bgp passwords/md5 for years. We do have a fancy configuration
> management system in place, whereby people put things into the
> database first before they configure the router.

Sorry, in this particular post, we were (or at least I was) talking
about having prefix filters for all your peers. I know I've talked a
lot about MD5 lately, just thought it would be a nice change of
subject. :)

If you do prefix filter all your peers, that is impressive. Do you get
out of sync a lot? Does it help keep the network more stable? Or do
process problems make it worse than just max-prefixes on a peer?
--
TTFN,
patrick