tcp md5 bgp attacks?
garrett at skjelstad.org
Sun Aug 19 21:36:34 UTC 2018
Nah, they aren't asking about the other things, and only the order of
operations which vary per vendor will matter.
If I am reading correctly, they aren't asking about only successful MD5
attacks, but MD5 attacks in general.
All the rest of your listed security configurations would be 'extra' router
On Wed, Aug 15, 2018, 06:43 Lotia, Pratik M <Pratik.Lotia at charter.com>
> Just to point out -
> Data about md5 attacks from various organizations will depend on a number
> of factors such as -
> Is BGP TTL Security check being done?
> Are anti-spoofing ACLs enabled?
> uRPF enabled? Strict or Loose?
> BGP Session over a separate interface (tunnel)?
> With Gratitude,
> Pratik Lotia | Security Engineer | Advanced Engineering Security
> Charter Communications
> "A satisfied customer is the best business strategy of all."
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Randy Bush
> Sent: Tuesday, August 14, 2018 3:39 PM
> To: North American Network Operators' Group
> Subject: tcp md5 bgp attacks?
> so we started to wonder if, since we started protecting our bgp
> sessions with md5 (in the 1990s), are there still folk trying to
> we were unable to find bgp mib counters. there are igp interface
> counters, but that was not our immediate interest. we did find
> that md5 failures are logged.
> looking at my logs for a few years, i find essentially nothing;
> two 'attackers,' one my own ibgp peer, and one that noted evildoer
> rob thomas, bgprs01.ord08.cymru.com.
> we would be interested in data from others.
> note that we are neither contemplating nor suggesting removing md5
> from [y]our bgp sessions.
> E-MAIL CONFIDENTIALITY NOTICE:
> The contents of this e-mail message and any attachments are intended
> solely for the addressee(s) and may contain confidential and/or legally
> privileged information. If you are not the intended recipient of this
> message or if this message has been addressed to you in error, please
> immediately alert the sender by reply e-mail and then delete this message
> and any attachments. If you are not the intended recipient, you are
> notified that any use, dissemination, distribution, copying, or storage of
> this message or any attachment is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG