nanog mailing list archives

Re: What Worked - What Didn't


From: Valdis.Kletnieks () vt edu
Date: Mon, 17 Sep 2001 14:46:25 -0400

On Mon, 17 Sep 2001 14:32:35 EDT, "Patrick W. Gilmore" <patrick () ianai net>  said:
> If someone can splice into my point-to-point OC system, fake being the 
> router on the other end, and keep my peer from calling me and asking what 

You *do* do ingress and egress filtering of your own addresses, and have checked
that your router does in fact use cryptographically challenging sequence
numbers, right?

And even if you don't, using MD5 is not *that* expensive (or shouldn't be),
and provides security in depth.

Unfortunately, I'll bet there's a LOT of routers that don't have filtering
in place, don't have good sequence numbers, and don't use MD5.  Enough said...
-- 
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech
