MD5 for TCP/BGP Sessions
Pekka Savola
pekkas at netcore.fi
Thu Mar 31 06:23:59 UTC 2005
On Thu, 31 Mar 2005, Stephen J. Wilcox wrote:
> without wishing to repeat what can be googled for.. putting acls on your edge to
> protect your ebgp sessions wont work for obvious reasons -- to spoof data and
> disrupt a session you have to spoof the srcip which of course the acl will allow
> in
This is why this helps for eBGP sessions only the peer is also
protecting its borders. I.e., if you know the peer's network has
spoofing-prevention enabled, nobody is able to spoof the srcip the
peer uses.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the NANOG
mailing list