TCP/BGP vulnerability - easier than you think
Iljitsch van Beijnum
iljitsch at muada.com
Wed Apr 21 11:00:07 UTC 2004
On 21-apr-04, at 12:44, Adam Rothschild wrote:
> All things considered, I think MD5 authentication will lower the bar
> for attackers, not raise it. I'm sure code optimizations could fix
> things to some degree, but that's just not the case today.
> Which begs the question, what is one to do,
How about:
access-list 123 deny tcp any any eq bgp rst log-input
access-list 123 deny tcp any eq bgp any rst log-input
Unfortunately, not all vendors are able to look at the RST bit when
filtering...
More information about the NANOG
mailing list