nanog mailing list archives

Re: TCP/BGP vulnerability - easier than you think


From: John Kristoff <jtk () northwestern edu>
Date: Wed, 21 Apr 2004 20:51:23 -0500


On Wed, 21 Apr 2004 21:00:55 +0100 (IST)
Paul Jakma <paul () clubi ie> wrote:

> risk of crypto DoS than compared to the simple BGP TCP MD5 hack. The
> risk is due to MD5, not IPSec :).

I would say the risk is due to implementation.  If the vendor's gear
vomits quicker due to a resource consumption issue in handling MD5, is
this really a problem with MD5?

These issues can usually be fixed by simply improving the scaling
properties of the implementation that may be required during adverse
conditions.

John

