nanog mailing list archives

RE: BGP Exploit

From: "Smith, Donald" <Donald.Smith () qwest com>
Date: Wed, 5 May 2004 08:42:20 -0600


%tcp-6-badauth: No MD5 digest from SRC.IP.NET.HOST(portnumber) to
DST.IP.NET.HOST(portnumber)

Donald.Smith () qwest com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500  D076 43F1 0767 AF00 EDCC
kill -13 111.2

-----Original Message-----
From: james [mailto:hackerwacker () cybermesa com] 
Sent: Tuesday, May 04, 2004 4:41 PM
To: Smith, Donald
Cc: nanog () merit edu
Subject: Re: BGP Exploit 

What would a Cisco log if the IP's for the BGP sessions were 
attacked & MD5 was in place ? "No MD5 digest from <IP>", " 
Invalid MD5 digest from <IP>" or something else ? So far, 
grepping through my logs all I see for "MD5" are the the 
times I set MD5 for my BGP sessions.

-- 
James H. Edwards
Routing and Security
At the Santa Fe Office: Internet at Cyber Mesa 
jamesh () cybermesa com noc () cybermesa com
(505) 795-7101

Current thread:

BGP Exploit kwallace (May 03)
- Re: BGP Exploit Patrick W . Gilmore (May 03)
- Re: BGP Exploit Kurt Erik Lindqvist (May 04)
  - Re: BGP Exploit Steven M. Bellovin (May 04)
- <Possible follow-ups>
- RE: BGP Exploit Smith, Donald (May 04)
  - Re: BGP Exploit james (May 04)
  - RE: BGP Exploit Stephen J. Wilcox (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
- RE: BGP Exploit Smith, Donald (May 05)
  - Re: BGP Exploit Patrick W . Gilmore (May 05)
    - Re: BGP Exploit Christopher L. Morrow (May 05)
    - Re: BGP Exploit Patrick W . Gilmore (May 06)
    - Re: BGP Exploit Christopher L. Morrow (May 06)
    - Re: BGP Exploit Ingo (May 07)
- RE: BGP Exploit Smith, Donald (May 06)
- RE: BGP Exploit Mark Johnson (May 12)
  - Re: BGP Exploit Danny McPherson (May 12)
- RE: BGP Exploit Mark Johnson (May 13)

(Thread continues...)