md5 for bgp tcp sessions
Robert E.Seastrom
rs at seastrom.com
Thu Jun 23 15:51:42 UTC 2005
Eric Gauthier <eric at roxanne.org> writes:
> Honestly, I completely agree with you that MD5'ing our OSPF
> adjacencies isn't a great idea (I've so far stalled its roll-out).
> I strongly argued against it internally. There were, however, those
> in both the networking and security groups that were concerned about
> the OSPF vulnerabilities that were pointed out recently and were in
> favor of the MD5s as the mitigation method.
passive-interface is your friend.
---rob
More information about the NANOG
mailing list