IGP protocol

• Previous message (by thread): IGP protocol
• Next message (by thread): IGP protocol
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Saku Ytti wrote on 18/11/2018 10:59:
> AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care
> about. But for iBGP I consider this a problem:

one of the few uses for tcp/md5 protection on bgp sessions can be found 
at IXPs where if you have an participant leaving the fabric, there will 
often be leftover bgp sessions configured on other routers on the 
exchange.  Pre-configuring MD5 on BGP sessions will ensure that these 
cannot be used to spoof connectivity to the old network.

Nick

• Previous message (by thread): IGP protocol
• Next message (by thread): IGP protocol
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]