IGP protocol
Nick Hilliard
nick at foobar.org
Sun Nov 18 11:13:12 UTC 2018
Saku Ytti wrote on 18/11/2018 10:59:
> AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care
> about. But for iBGP I consider this a problem:
one of the few uses for tcp/md5 protection on bgp sessions can be found
at IXPs where if you have an participant leaving the fabric, there will
often be leftover bgp sessions configured on other routers on the
exchange. Pre-configuring MD5 on BGP sessions will ensure that these
cannot be used to spoof connectivity to the old network.
Nick
More information about the NANOG
mailing list