Winstar says there is no TCP/BGP vulnerability

Robert E. Seastrom rs at seastrom.com
Wed Apr 21 15:36:41 UTC 2004



"Christopher L. Morrow" <christopher.morrow at mci.com> writes:

> there is the issue of changing the keys during operations without
> impacting the network, eh? Having to bounce every bgp session in your
> network can be pretty darned painful... if you change the key(s) of
> course. If you don't you might as well not have keys, since adding the
> 3 lines of C code required to Paul Watson's program making it do
> the hashing certainly won't be a big deal, eh?

I've added keys without bouncing the sessions...  doesn't seem to
cause any difficulties at all.  You just add the password clause on
both ends within the window for a BGP keepalive timeout.  Worst case,
this line:

   Milwaukee#sho ip bgp neigh 203.176.61.22 | inc md5
   Flags: passive open, nagle, gen tcbs, md5
   Milwaukee#

is lying, and the md5 won't actually come up until some nogoodnik or
bad fortune causes the session to bounce.  12.0S.

                                        ---Rob
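Worked example (added here; not part of Rob's post and not Cisco's or anyone else's code) of what the "md5" flag above actually buys you: the RFC 2385 TCP MD5 signature option that "neighbor ... password" turns on. The code signs a TCP segment carrying a BGP KEEPALIVE and verifies it on the other side, which also shows why both ends have to switch keys inside the keepalive window: a segment signed under the old key simply fails verification under the new one and is dropped. The key, addresses, ports and sequence numbers are constructed test data; the checksum is left at zero for brevity (the digest is computed as if it were zero in any case).

```python
"""RFC 2385 TCP MD5 signature option: sign and verify a TCP segment.

Added example, not from the NANOG post or any vendor's code. The key,
addresses, ports and sequence numbers below are constructed test data.
"""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
TCPOPT_NOP = 1
TCPOPT_MD5SIG = 19          # option kind assigned by RFC 2385
TCPOLEN_MD5SIG = 18         # kind + length + 16-byte MD5 digest
TCP_FLAG_ACK = 0x10
TCP_FLAG_PSH = 0x08

# Constructed BGP KEEPALIVE (RFC 4271): 16-byte all-ones marker, length 19, type 4.
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)


def pseudo_header(src_ip, dst_ip, segment_len):
    """RFC 2385 2.0 item 1: src addr, dst addr, zero, protocol, TCP segment length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTO, segment_len))


def tcp_md5_digest(src_ip, dst_ip, fixed_header, payload, key):
    """Items 1-4 of RFC 2385 2.0, hashed in that order.

    fixed_header is the 20-byte header with options stripped. Options are
    excluded from the hash, but the data-offset field (which counts them)
    and the segment length in the pseudo-header include them. The checksum
    field is hashed as zero.
    """
    data_offset_words = fixed_header[12] >> 4
    segment_len = data_offset_words * 4 + len(payload)
    hdr_zero_csum = fixed_header[:16] + b"\x00\x00" + fixed_header[18:]
    m = hashlib.md5()
    m.update(pseudo_header(src_ip, dst_ip, segment_len))
    m.update(hdr_zero_csum)
    m.update(payload)
    m.update(key)
    return m.digest()


def build_signed_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key,
                         flags=TCP_FLAG_ACK | TCP_FLAG_PSH, window=16384):
    """Return header + options + payload, signed with key (checksum left 0)."""
    # Option block: NOP NOP + 18-byte MD5 option = 20 bytes, 4-byte aligned.
    opt_len = 2 + TCPOLEN_MD5SIG
    data_offset = (20 + opt_len) // 4
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        data_offset << 4, flags, window, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, fixed, payload, key)
    options = (struct.pack("!BB", TCPOPT_NOP, TCPOPT_NOP)
               + struct.pack("!BB", TCPOPT_MD5SIG, TCPOLEN_MD5SIG) + digest)
    return fixed + options + payload


def extract_md5_option(options):
    """Walk the TCP option list; return the 16-byte digest or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                        # EOL
            return None
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return None                      # truncated option
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                      # malformed option list
        if kind == TCPOPT_MD5SIG and length == TCPOLEN_MD5SIG:
            return options[i + 2:i + length]
        i += length
    return None


def verify_signed_segment(src_ip, dst_ip, segment, key):
    """True iff the segment carries an MD5 option whose digest matches key.

    On a keyed session a segment with no option, or with a digest computed
    under a different key, is dropped; that is what happens to the old
    peer's keepalives if only one end has been re-keyed.
    """
    if len(segment) < 20:
        return False
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        return False
    fixed, options, payload = segment[:20], segment[20:data_offset], segment[data_offset:]
    received = extract_md5_option(options)
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, fixed, payload, key)
    return hmac.compare_digest(received, expected)
```

The receiver recomputes the digest with the addresses in the order they appear in the packet (sender's source first), so the same function serves both directions. The option walker refuses truncated or malformed option lists rather than reading past the buffer; that matters on a real stack, since the whole point of the option is to let unauthenticated packets be rejected early.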
