What Worked - What Didn't

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Sep 17 18:46:25 UTC 2001


On Mon, 17 Sep 2001 14:32:35 EDT, "Patrick W. Gilmore" <patrick at ianai.net>  said:
> If someone can splice into my point-to-point OC system, fake being the 
> router on the other end, and keep my peer from calling me and asking what 

You *do* do ingress and egress filtering of your own addresses, and have checked
that your router does in fact use cryptographically challenging sequence
numbers, right?

And even if you don't, using MD5 is not *that* expensive (or shouldn't be),
and provides security in depth.

Unfortunately, I'll bet there's a LOT of routers that don't have filtering
in place, don't have good sequence numbers, and don't use MD5.  Enough said...
-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
