tcp md5 bgp attacks?

Lotia, Pratik M Pratik.Lotia at charter.com
Tue Aug 14 22:05:09 UTC 2018


Just to point out -
Data about md5 attacks from various organizations will depend on a number of factors such as -
Is BGP TTL Security check being done?
Are anti-spoofing ACLs enabled?
uRPF enabled? Strict or Loose?
BGP Session over a separate interface (tunnel)?



With Gratitude,


Pratik Lotia  |  Security Engineer  | Advanced Engineering Security
Charter Communications

"A satisfied customer is the best business strategy of all."

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Randy Bush
Sent: Tuesday, August 14, 2018 3:39 PM
To: North American Network Operators' Group
Subject: tcp md5 bgp attacks?

so we started to wonder if, since we started protecting our bgp
sessions with md5 (in the 1990s), are there still folk trying to
attack?

we were unable to find bgp mib counters.  there are igp interface
counters, but that was not our immediate interest.  we did find
that md5 failures are logged.

looking at my logs for a few years, i find essentially nothing;
two 'attackers,' one my own ibgp peer, and one that noted evildoer
rob thomas, bgprs01.ord08.cymru.com.

we would be interested in data from others.

note that we are neither contemplating nor suggesting removing md5
from [y]our bgp sessions.

randy
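An added example, not part of either message and not the posters' code: one way to tally the logged MD5 failures mentioned in the original message, separating sources that are configured peers (as with the iBGP peer noted above) from everything else. The log line format, peer list and addresses are constructed assumptions; adjust the pattern to what your platform actually logs.

```python
import re
from collections import Counter

# Assumed log line shape (an assumption, not taken from the thread).
MD5_FAIL = re.compile(
    r"MD5 Hash failed for \((?P<src>[0-9a-fA-F.:]+), (?P<sport>\d+)\)"
    r"->\((?P<dst>[0-9a-fA-F.:]+), (?P<dport>\d+)\)"
)
BGP_PORT = 179

# Constructed sample data using documentation address ranges.
CONFIGURED_PEERS = {"192.0.2.1", "192.0.2.2"}
SAMPLE_LOG = """\
Aug 14 03:10:01 rtr1 kernel: TCP: MD5 Hash failed for (192.0.2.2, 41022)->(192.0.2.10, 179)
Aug 14 03:10:31 rtr1 kernel: TCP: MD5 Hash failed for (192.0.2.2, 41023)->(192.0.2.10, 179)
Aug 14 04:00:12 rtr1 kernel: TCP: MD5 Hash failed for (192.0.2.1, 179)->(192.0.2.10, 50321)
Aug 14 09:44:50 rtr1 kernel: TCP: MD5 Hash failed for (203.0.113.77, 51515)->(192.0.2.10, 179)
Aug 14 09:45:02 rtr1 kernel: TCP: MD5 Hash failed for (203.0.113.80, 5000)->(192.0.2.10, 8080)
Aug 14 09:46:00 rtr1 sshd[811]: Accepted publickey for ops from 192.0.2.50
"""


def summarize(log_text, peers):
    """Count MD5 failures on BGP sessions per source address.

    Sources that are configured peers are reported separately from
    unknown sources, since the two call for different follow-up.
    """
    result = {"configured_peer": Counter(), "unknown_source": Counter()}
    for line in log_text.splitlines():
        m = MD5_FAIL.search(line)
        if not m:
            continue  # not an MD5 failure line
        # Keep only segments where either end is the BGP port.
        if BGP_PORT not in (int(m["sport"]), int(m["dport"])):
            continue
        bucket = "configured_peer" if m["src"] in peers else "unknown_source"
        result[bucket][m["src"]] += 1
    return result


if __name__ == "__main__":
    for bucket, counts in summarize(SAMPLE_LOG, CONFIGURED_PEERS).items():
        for src, n in counts.most_common():
            print(f"{bucket:16} {src:16} {n}")
```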


