IP economics morphed into (TCP/RST)

Stephen J. Wilcox steve at telecomplete.co.uk
Thu Apr 22 15:55:13 UTC 2004


On Thu, 22 Apr 2004, Blaine Christian wrote:

> 
> 
> > Can I use secondary IP addresses and then BGP with these addresses, this
> > would be a form of "security by obscurity" but providing you can keep the
> > info a secret thats surely going to do it?
> 
> It will depend on your architecture in large part.  In some cases there is
> absolutely no need to route the prefixes that you use for your BGP sessions
> beyond the devices doing BGP.  This can reduce your exposure to MD5 related
> cpu churn etc...

Yes, but (1) its difficult and (2) as these are external sessions I need to 
ensure my peers are doing the same, as the chances are they wont and the chances 
are the attack comes in externally then I'm still at risk

Steve




More information about the NANOG mailing list