Re: MD5 in BGP4

["Steven M. Bellovin" <smb () research att com>]

In message <200007121609.KAA09225 () tcb net>, Danny McPherson writes:
> The primary goal of the BGP MD5 signature option is 
> to protect the TCP substrate from introduction of 
> spoofed TCP segments such a TCP RSTs.  These segments
> could easily be injected from anywhere on the Internet.
>
> Lots of service providers employ the TCP MD5 signature 
> option stuff to protect both internal and external BGP 
> sessions in their networks.  It really doesn't matter 
> if the neighbors are directly connected or not, BGP 
> rides on IP and is therefore vulnerable to "packet bombs" 
> and the like from anywhere, regardless of whether the 
> peer is internal, external or external multi-hop.
>
> Expoliting such a vulernability is trivial, actually, in 
> any of these configurations.  All one needs to know is a 
> tiny amount of information associated with the BGP session.  
> Though MD5 clearly isn't perfect, it does make is 
> considerably more difficult.  
>
> Using MD5 stuff with IP-based protocols such as BGP & OSPF
> is strongly advised.  Obviously, IS-IS and similar protocols
> are less vulnerable.

Right.  To learn how to hijack a TCP session, see 

@inproceedings{hijack,
        title = {A Simple Active Attack Against {TCP}},
        author = {Laurent Joncheray},
        year = 1995,
        booktitle = {Proceedings of the Fifth Usenix \Unix\ Security Symposium},
        address = {Salt Lake City, UT}
}

IPsec protection is even stronger than the MD5 signature option 
described in RFC 2385, but 2385 if *far* better than nothing.  (Btw -- 
since 2385 requires a TCP option, it's implemented in the stack, and 
not at application level.)

                --Steve Bellovin