Home page logo

nanog logo nanog mailing list archives

Re: What Worked - What Didn't
From: Valdis.Kletnieks () vt edu
Date: Mon, 17 Sep 2001 14:46:25 -0400

On Mon, 17 Sep 2001 14:32:35 EDT, "Patrick W. Gilmore" <patrick () ianai net>  said:
If someone can splice into my point-to-point OC system, fake being the 
router on the other end, and keep my peer from calling me and asking what 

You *do* do ingress and egress filtering of your own addresses, and have checked
that your router does in fact use cryptographically challenging seuquence
numbers, right?

And even if you don't, using MD5 is not *that* expensive (or shouldn't be),
and provides security in depth.

Unfortunately, I'll bet there's a LOT of routers that don't have filtering
in place, don't have good sequence numbers, and don't use MD5.  Enough said...
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]