TCP/BGP vulnerability - easier than you think

Iljitsch van Beijnum iljitsch at muada.com
Wed Apr 21 11:00:07 UTC 2004


On 21-apr-04, at 12:44, Adam Rothschild wrote:

> All things considered, I think MD5 authentication will lower the bar
> for attackers, not raise it.  I'm sure code optimizations could fix
> things to some degree, but that's just not the case today.

> Which begs the question, what is one to do,

How about:

access-list 123 deny   tcp any any eq bgp rst log-input
access-list 123 deny   tcp any eq bgp any rst log-input

Unfortunately, not all vendors are able to look at the RST bit when 
filtering...
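
Added example, not part of the original post: a small Python model of what the two access-list 123 entries above match, namely any TCP segment with the RST bit set whose source or destination port is 179 (bgp). The function names are hypothetical, the packets and addresses are constructed, and treating non-initial fragments as not matching is an assumption of this example.

```python
import struct

BGP_PORT = 179   # "eq bgp" in the ACL
TCP_RST = 0x04   # RST bit in the TCP flags byte (offset 13 of the TCP header)


def acl_123_denies(packet: bytes) -> bool:
    """True if a raw IPv4 packet matches either deny entry of access-list 123."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 6:
        return False                      # malformed header, or not TCP
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        return False                      # non-initial fragment carries no TCP header
    tcp = packet[ihl:]
    if len(tcp) < 14:
        return False                      # flags byte not present
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    has_rst = bool(tcp[13] & TCP_RST)
    # Entry 1: "any any eq bgp rst"; entry 2: "any eq bgp any rst"
    return has_rst and BGP_PORT in (src_port, dst_port)


def build_packet(src_port: int, dst_port: int, flags: int, frag_offset: int = 0) -> bytes:
    """Constructed IPv4+TCP header pair for testing (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_offset, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 0, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    samples = {
        "RST to port 179": build_packet(40000, 179, 0x04),
        "RST+ACK from port 179": build_packet(179, 40000, 0x14),
        "SYN to port 179": build_packet(40000, 179, 0x02),
        "RST to port 80": build_packet(40000, 80, 0x04),
    }
    for name, pkt in samples.items():
        print(f"{name}: {'deny' if acl_123_denies(pkt) else 'no match'}")
```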



