Winstar says there is no TCP/BGP vulnerability

David Luyer david at luyer.net
Wed Apr 21 07:08:54 UTC 2004


Michael Py wrote:
> Christopher / Patrick,
> 
> > Christopher L. Morrow wrote:
> > I wasn't clear and for that I'm sorry. Except in the later
> > code trains, or until the recent past (1 year or so) changing
> > the BGP MD5 auth bits required the session to be reset.
> 
> Then I'm the one sorry because I never got it to work (I have not tried
> hard, I have to say); I always considered the session reset to be an
> annoyance that was part of life. Dumb question: on what platforms is
> this working? If my memory is correct nothing below the 7200; I have
> seen numerous cases of peering with platforms such as 3600.

Have done around 100 of these in the past 24 hours.  It's not
related to platform AFAIK - we've successfully done the changes
on a lowly 2651 and 3620 without outages, but a 7200 with older
IOS did have an outage.

As a general guideline 12.0S and 12.1 have the session reset on
password change, but 12.2S, 12.3 and _latest_ 12.2 mainline do
not.  Older 12.2 mainline is unclear, I've had one case where
the session did reset (12.2(17a)) and a few where it did not
(12.2(23)), but I don't know for sure if the reset was caused
by not getting the password close enough to the right time in
the case it failed, or by IOS automatically resetting the
session like it did in earlier versions.

If you really want to know, test it in a lab.  If setting a
password results in a syslog message about the session being
reset due to password change, then it will reset due to a
password change :-)

David.



