nanog mailing list archives
RE: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability (fwd)
From: "Peering" <Peering () xspedius com>
Date: Wed, 21 Apr 2004 11:14:55 -0400
All, Xspedius (formerly e.spire/ACSI) is in the process of converting BGP connections to MD5. We have already done so with both of our transit providers and we're working on contacting customers that we do BGP with. If anyone is a customer of Xspedius and wants to convert to MD5, please email me or open a ticket with the NOC and request that it be referred to Dwayne Chin in Tier II DMC, who is working with me on this project. Otherwise, we will be contacting you directly. Regards, Diane Turley Network Engineer Xspedius Communications Co. peering () xspedius com ---------- Forwarded message ---------- Date: Tue, 20 Apr 2004 15:30:30 -0600 From: " John Brown (CV)" <jmbrown () chagresventures com> To: Rodney Joffe <rjoffe () centergate com> Cc: NANOG <nanog () merit edu> Subject: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability Seems Xspedius aka E.SPire aka ACSI doesn't feel that MD5 is important on their BGP sessions either. Based on the ticket we filed last week, Managment does not feel its warranted to make these changes. On the other hand, SPRINT was willing and able to take MD5 session info right away. WAY TO GO SPRINT. On Tue, Apr 20, 2004 at 01:44:44PM -0700, Rodney Joffe wrote:
Perhaps we are all making too much of this... It appears that Winstar feels that there is no need for MD5 authentication of peering sessions. One of our customers has just had the following response from Winstar following a request to implement MD5 on their OC3 connection to Winstar. My first suggestion is to locate another upstream provider (they have 3 already). However, perhaps someone from Winstar would care to help us all understand what the alternative solution is to securing the session via MD5? I would *love* an alternative to the 5 days of work we've just gone through.-----Original Message----- From: Justin Crawford - NMCW Engineer [mailto:jcrawford () winstar net] Sent: Tuesday, April 20, 2004 11:13 AM To: xxxxxx Subject: Re: *****SPAM***** MD5 implimentation on BGP xxxxx, Winstar does not currently run MD5 authentication with our peers. Thanks Justin Thank you for your time and business Justin Crawford Winstar NMCW Ph: 206-xxx.xxxxHas anyone else run in to this with Winstar? -- Rodney Joffe CenterGate Research Group, LLC. http://www.centergate.com "Technology so advanced, even we don't understand it!"(SM)
Current thread:
- RE: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability (fwd) Peering (Apr 21)