nanog mailing list archives
Re: Winstar says there is no TCP/BGP vulnerability
From: "Kevin Oberman" <oberman () es net>
Date: Wed, 28 Apr 2004 10:38:45 -0700
Date: Wed, 28 Apr 2004 10:22:56 -0700 From: Rodney Joffe <rjoffe () centergate com> Sender: owner-nanog () merit edu Joe Rhett wrote:You do know how to spell assumption, right? They might have some very good reasons why they believe it isn't an issue, or that they have worked around. Why don't you ask, rather than spell?We did. They repeated their answer: We don't do MD5 currently.
I recently discovered that one router vendor out there does not support MD5 authentication of BGP (even though it does for several other routing protocols). If you happen to be stuck with this product, you don't do MD5 authentication of BGP. No, I don't know who's product this is and I'd say that anyone using one for real work should replace it yesterday, but I also know the reality of fork-lift upgrades and corporate purchasing rules.
So the customer is exercising his inalienable rights. And this loss of $200k+ in revenue helps Winstar how?
Education? -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman () es net Phone: +1 510 486-8634
Current thread:
- Re: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability, (continued)
- Re: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability Charles Sprickman (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability Joe Rhett (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Rodney Joffe (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Dan Hollis (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability James (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability E.B. Dreger (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability Pekka Savola (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability E.B. Dreger (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability Rodney Joffe (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Joe Rhett (Apr 28)
- Re: Winstar says there is no TCP/BGP vulnerability Rodney Joffe (Apr 28)
- Re: Winstar says there is no TCP/BGP vulnerability Kevin Oberman (Apr 28)
- Re: Winstar says there is no TCP/BGP vulnerability Rodney Joffe (Apr 28)
- Re: Winstar says there is no TCP/BGP vulnerability James (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Deepak Jain (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability James (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Dan Hollis (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Daniel Senie (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Christopher L. Morrow (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Patrick W . Gilmore (Apr 22)