tcp md5 bgp attacks?

• Previous message (by thread): tcp md5 bgp attacks?
• Next message (by thread): tcp md5 bgp attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nah, they aren't asking about the other things, and only the order of
operations which vary per vendor will matter.

If I am reading correctly, they aren't asking about only successful MD5
attacks, but MD5 attacks in general.

All the rest of your listed security configurations would be 'extra' router
demographics.

-Garrett

On Wed, Aug 15, 2018, 06:43 Lotia, Pratik M <Pratik.Lotia at charter.com>
wrote:

> Just to point out -
> Data about md5 attacks from various organizations will depend on a number
> of factors such as -
> Is BGP TTL Security check being done?
> Are anti-spoofing ACLs enabled?
> uRPF enabled? Strict or Loose?
> BGP Session over a separate interface (tunnel)?
>
>
>
> With Gratitude,
>
>
> Pratik Lotia  |  Security Engineer  | Advanced Engineering Security
> Charter Communications
>
> "A satisfied customer is the best business strategy of all."
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Randy Bush
> Sent: Tuesday, August 14, 2018 3:39 PM
> To: North American Network Operators' Group
> Subject: tcp md5 bgp attacks?
>
> so we started to wonder if, since we started protecting our bgp
> sessions with md5 (in the 1990s), are there still folk trying to
> attack?
>
> we were unable to find bgp mib counters.  there are igp interface
> counters, but that was not our immediate interest.  we did find
> that md5 failures are logged.
>
> looking at my logs for a few years, i find essentially nothing;
> two 'attackers,' one my own ibgp peer, and one that noted evildoer
> rob thomas, bgprs01.ord08.cymru.com.
>
> we would be interested in data from others.
>
> note that we are neither contemplating nor suggesting removing md5
> from [y]our bgp sessions.
>
> randy
> E-MAIL CONFIDENTIALITY NOTICE:
> The contents of this e-mail message and any attachments are intended
> solely for the addressee(s) and may contain confidential and/or legally
> privileged information. If you are not the intended recipient of this
> message or if this message has been addressed to you in error, please
> immediately alert the sender by reply e-mail and then delete this message
> and any attachments. If you are not the intended recipient, you are
> notified that any use, dissemination, distribution, copying, or storage of
> this message or any attachment is strictly prohibited.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180819/4cc51f83/attachment.html>

• Previous message (by thread): tcp md5 bgp attacks?
• Next message (by thread): tcp md5 bgp attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]