Re: Winstar says there is no TCP/BGP vulnerability

["Kevin Oberman" <oberman () es net>]

> Date: Wed, 28 Apr 2004 10:22:56 -0700
> From: Rodney Joffe <rjoffe () centergate com>
> Sender: owner-nanog () merit edu
>
> Joe Rhett wrote:
> > You do know how to spell assumption, right?
> >
> > They might have some very good reasons why they believe it isn't an issue,
> > or that they have worked around.  Why don't you ask, rather than spell?
>
> We did. They repeated their answer: We don't do MD5 currently.

I recently discovered that one router vendor out there does not support
MD5 authentication of BGP (even though it does for several other routing
protocols). If you happen to be stuck with this product, you don't do
MD5 authentication of BGP. 

No, I don't know who's product this is and I'd say that anyone using one
for real work should replace it yesterday, but I also know the reality of
fork-lift upgrades and corporate purchasing rules.

> So the customer is exercising his inalienable rights.
>
> And this loss of $200k+ in revenue helps Winstar how?

Education? 
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman () es net                       Phone: +1 510 486-8634