Home page logo

nanog logo nanog mailing list archives

RE: What Worked - What Didn't
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Mon, 17 Sep 2001 14:32:35 -0400

At 11:18 AM 9/17/2001 -0700, Randy Bush wrote:

>no one went after the comms infrastructure.  when they do, i suspect that
>we will find the internet is extremely vulnerable.  how many folk even
>have md5 auth turned on their bgp peering sessions?  what nievete!

If someone can splice into my point-to-point OC system, fake being the router on the other end, and keep my peer from calling me and asking what happened, well, then I have MUCH bigger things to worry about than whether my BGP session is valid. (And he probably has the capability to do whatever he wants, no matter how hard I try to stop him.)

As for public peering points, the ARP resolution would cause problems, and either I or my peer would notice pretty darned quickly. But only a small percentage of the traffic on the 'Net goes over public peering points these days anyway.

Not sure where else anyone could use MD5 on their BGP. Maybe I missed something?



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]