nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability (fwd)

From: "Peering" <Peering () xspedius com>
Date: Wed, 21 Apr 2004 11:14:55 -0400

All,

Xspedius (formerly e.spire/ACSI) is in the process of converting BGP
connections to MD5.  We have already done so with both of our transit
providers and we're working on contacting customers that we do BGP with.

If anyone is a customer of Xspedius and wants to convert to MD5, please
email me or open a ticket with the NOC and request that it be referred
to Dwayne Chin in Tier II DMC, who is working with me on this project.
Otherwise, we will be contacting you directly.

Regards,
Diane Turley
Network Engineer
Xspedius Communications Co.
peering () xspedius com

---------- Forwarded message ----------
Date: Tue, 20 Apr 2004 15:30:30 -0600
From: " John Brown (CV)" <jmbrown () chagresventures com>
To: Rodney Joffe <rjoffe () centergate com>
Cc: NANOG <nanog () merit edu>
Subject: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP
    vulnerability


Seems Xspedius aka E.SPire aka ACSI   doesn't feel that MD5 is
important on their BGP sessions either.

Based on the ticket we filed last week, Managment does not
feel its warranted to make these changes.


On the other hand, SPRINT  was willing and able to take MD5 session info
right away.  WAY TO GO SPRINT.


On Tue, Apr 20, 2004 at 01:44:44PM -0700, Rodney Joffe wrote:


Perhaps we are all making too much of this...

It appears that Winstar feels that there is no need for MD5 
authentication of peering sessions. One of our customers has just had 
the following response from Winstar following a request to implement 
MD5 on their OC3 connection to Winstar. My first suggestion is to 
locate another upstream provider (they have 3 already).

However, perhaps someone from Winstar would care to help us all 
understand what the alternative solution is to securing the session 
via MD5? I would *love* an alternative to the 5 days of work we've 
just gone through.


-----Original Message-----
From: Justin Crawford - NMCW Engineer [mailto:jcrawford () winstar net]
Sent: Tuesday, April 20, 2004 11:13 AM
To: xxxxxx
Subject: Re: *****SPAM***** MD5 implimentation on BGP

xxxxx,

Winstar does not currently run MD5 authentication with our peers.

Thanks

Justin

Thank you for your time and business

Justin Crawford
Winstar NMCW
Ph: 206-xxx.xxxx


Has anyone else run in to this with Winstar?

--
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(SM)
Previous By Date Next
Previous By Thread Next

Current thread: