Winstar says there is no TCP/BGP vulnerability

• Previous message (by thread): Winstar says there is no TCP/BGP vulnerability
• Next message (by thread): Winstar says there is no TCP/BGP vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Date: Wed, 28 Apr 2004 10:22:56 -0700
> From: Rodney Joffe <rjoffe at centergate.com>
> Sender: owner-nanog at merit.edu
> 
> Joe Rhett wrote:
> > 
> > You do know how to spell assumption, right?
> > 
> > They might have some very good reasons why they believe it isn't an issue,
> > or that they have worked around.  Why don't you ask, rather than spell?
> 
> We did. They repeated their answer: We don't do MD5 currently.

I recently discovered that one router vendor out there does not support
MD5 authentication of BGP (even though it does for several other routing
protocols). If you happen to be stuck with this product, you don't do
MD5 authentication of BGP. 

No, I don't know who's product this is and I'd say that anyone using one
for real work should replace it yesterday, but I also know the reality of
fork-lift upgrades and corporate purchasing rules.

> So the customer is exercising his inalienable rights.
> 
> And this loss of $200k+ in revenue helps Winstar how?

Education? 
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634

• Previous message (by thread): Winstar says there is no TCP/BGP vulnerability
• Next message (by thread): Winstar says there is no TCP/BGP vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]