tcp md5 bgp attacks?
rdobbins at arbor.net
Wed Aug 15 02:38:05 UTC 2018
On 15 Aug 2018, at 9:27, Randy Bush wrote:

> my theory is that, as the attacks were mitigated the attackers moved
> on to other things.

With regards to BGP, the MD5 thing was promulgated to counter what was a
largely theoretical threat. iACLs, and later GTSM and CoPP and LPTS and
so forth really obviated the need for it.

For IGPs, MD5 was belt-and-suspenders against someone deliberately or
accidentally bringing up a new router and manipulating traffic
internally. Passiving the IGP on non-core links was the BCP, but often
was honored in the breach; pushing an additional feature for 'security'
purposes got some folks' attention when the passiving BCP was ignored.

We still see DDoS attacks against routers, of course. But the goal
there is disruption of availability, not trying to move traffic onto
some alternate path which would somehow benefit the attacker.

Roland Dobbins <rdobbins at arbor.net>