Re: What Worked - What Didn't
From: Valdis.Kletnieks () vt edu
Date: Mon, 17 Sep 2001 14:46:25 -0400
On Mon, 17 Sep 2001 14:32:35 EDT, "Patrick W. Gilmore" <patrick () ianai net> said:
> If someone can splice into my point-to-point OC system, fake being the
> router on the other end, and keep my peer from calling me and asking what
You *do* do ingress and egress filtering of your own addresses, and have checked
that your router does in fact use cryptographically challenging sequence
And even if you don't, using MD5 is not *that* expensive (or shouldn't be),
and provides security in depth.
Unfortunately, I'll bet there's a LOT of routers that don't have filtering
in place, don't have good sequence numbers, and don't use MD5. Enough said...
Operating Systems Analyst