TCP/BGP vulnerability - easier than you think

• Previous message (by thread): TCP/BGP vulnerability - easier than you think
• Next message (by thread): TCP/BGP vulnerability - easier than you think
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 21, 2004 at 01:00:07PM +0200, Iljitsch van Beijnum wrote:
> > All things considered, I think MD5 authentication will lower the bar
> > for attackers, not raise it.  I'm sure code optimizations could fix
> > things to some degree, but that's just not the case today.
> 
> > Which begs the question, what is one to do,
> 
> How about:
> 
> access-list 123 deny   tcp any any eq bgp rst log-input
> access-list 123 deny   tcp any eq bgp any rst log-input
> 
> Unfortunately, not all vendors are able to look at the RST bit when 
> filtering...

The general ignorance to the fact that SYN works as well is
astonishing. :-)

• Previous message (by thread): TCP/BGP vulnerability - easier than you think
• Next message (by thread): TCP/BGP vulnerability - easier than you think
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]