BCP38 making it work, solving problems

Randy Bush randy at psg.com
Tue Oct 19 16:21:46 UTC 2004

> For example, how many ISPs use TCP MD5 to limit the possibility of a 
> BGP/TCP connection getting hijacked or disrupted by a ddos attack?

i hope none use it for the latter, as it will not help.  more and
more use it for the former.  why?  becuase they perceived the need
to solve an immediate problem, a weakness in a vendor's code.

> Where ingress filters don't help, of course, is when the attacks come from 
> an apparently-legitimate address.

many folk see that this is the vast majority of the cases.  hence,
one reason for the lack of adoption of rfc 2827


More information about the NANOG mailing list