nanog mailing list archives
Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: Nick Hilliard <nick () foobar org>
Date: Sat, 03 Jan 2009 18:41:04 +0000
Hank Nussbacher wrote:
You mean like for BGP neighbors? Wanna suggest an alternative? :-)
tcp/md5 + gtsm (assuming directly connected peers) makes messing around with bgp sessions rather difficult. Filtering BGP packets at the edge and borders slightly more so. If you have CPU and sufficient quantities of administrivium to spare, you can use ipsec on your routers for these sessions. The real issue is how to make compromising bgp sessions sufficiently difficult to make it an unattractive target. Given that the cost of getting write access to the DFZ is not really very high either technically or financially, I'd propose that while gtsm / md5 / filtering aren't perfect, they raise the bar high enough to make it not really worth someone's while trying to break them; and IPsec more so. Nick
Current thread:
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw., (continued)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Hank Nussbacher (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Martin List-Petersen (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Mikael Abrahamsson (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Hank Nussbacher (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Rubens Kuhl Jr. (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Marshall Eubanks (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Kevin Oberman (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Nick Hilliard (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Terje Bless (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Jasper Bryant-Greene (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)