nanog mailing list archives
RE: route authentication
From: batz <batsy () vapour net>
Date: Tue, 4 Jun 2002 10:37:30 -0400 (EDT)
On Tue, 4 Jun 2002, Joshua Wright wrote: :I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5 :auth for BGP, but have been unsuccessful so far. The most difficult :challenge I face there is convincing people of the "need" with the lack of a :published exploit that the MD5 authentication would prevent. Have you asked them how they _know_ there isn't an exploit? Tim Newshams TCP ISN randomness vulnerabilites published last year (fixed by cisco, but others are unknown) should be evidence that there is a working chunk of code for exploiting TCP sessions. :So much for best practices. <sigh> "Best practices" seldom amounts to more than a euphemism for "Lowest common denominator". ;) -- batz
Current thread:
- route authentication Barbara Fraser (Jun 03)
- Re: route authentication Sean Donelan (Jun 04)
- Re: route authentication batz (Jun 04)
- Re: route authentication Richard A Steenbergen (Jun 04)
- Re: route authentication Rodney Thayer (Jun 04)
- Re: route authentication batz (Jun 04)
- <Possible follow-ups>
- RE: route authentication Joshua Wright (Jun 04)
- RE: route authentication batz (Jun 04)
- RE: route authentication Sean Donelan (Jun 04)
- Re: route authentication Sean Donelan (Jun 04)