tcp md5 bgp attacks?

Roland Dobbins rdobbins at arbor.net
Wed Aug 15 02:38:05 UTC 2018


On 15 Aug 2018, at 9:27, Randy Bush wrote:

> my theory is that, as the attacks were mitigated the attackers moved 
> on to other things.

With regard to BGP, the MD5 thing was promulgated to counter what was a 
largely theoretical threat.  iACLs, and later GTSM and CoPP and LPTS and 
so forth really obviated the need for it.

For IGPs, MD5 was belt-and-suspenders against someone deliberately or 
accidentally bringing up a new router and manipulating traffic 
internally.  Passiving the IGP on non-core links was the BCP, but often 
was honored in the breach; pushing an additional feature for 'security' 
purposes got some folks' attention when the passiving BCP was ignored.

We still see DDoS attacks against routers, of course.  But the goal 
there is disruption of availability, not trying to move traffic onto 
some alternate path which would somehow benefit the attacker.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

