tcp md5 bgp attacks?

• Previous message (by thread): tcp md5 bgp attacks?
• Next message (by thread): tcp md5 bgp attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15 Aug 2018, at 9:27, Randy Bush wrote:

> my theory is that, as the attacks were mitigated the attackers moved 
> on to other things.

With regards to BGP, the MD5 thing was promulgated to counter what was a 
largely theoretical threat.  iACLs, and later GTSM and CoPP and LPTS and 
so forth really obviated the need for it.

For IGPs, MD5 was belt-and-suspenders against someone deliberately or 
accidentally bringing up a new router and manipulating traffic 
internally.  Passiving the IGP on non-core links was the BCP, but often 
was honored in the breach; pushing an additional feature for 'security' 
purposes got some folks' attention when the passiving BCP was ignored.

We still see DDoS attacks against routers, of course.  But the goal 
there is disruption of availability, not trying to move traffic onto 
some alternate path which would somehow benefit the attacker.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Previous message (by thread): tcp md5 bgp attacks?
• Next message (by thread): tcp md5 bgp attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]