IP economics morphed into (TCP/RST)
Stephen J. Wilcox
steve at telecomplete.co.uk
Thu Apr 22 15:55:13 UTC 2004
On Thu, 22 Apr 2004, Blaine Christian wrote:
>
>
> > Can I use secondary IP addresses and then BGP with these addresses, this
> > would be a form of "security by obscurity" but providing you can keep the
> > info a secret thats surely going to do it?
>
> It will depend on your architecture in large part. In some cases there is
> absolutely no need to route the prefixes that you use for your BGP sessions
> beyond the devices doing BGP. This can reduce your exposure to MD5 related
> cpu churn etc...
Yes, but (1) its difficult and (2) as these are external sessions I need to
ensure my peers are doing the same, as the chances are they wont and the chances
are the attack comes in externally then I'm still at risk
Steve
More information about the NANOG
mailing list