nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BCP38 making it work, solving problems

From: Randy Bush <randy () psg com>
Date: Tue, 19 Oct 2004 09:21:46 -0700


For example, how many ISPs use TCP MD5 to limit the possibility of a 
BGP/TCP connection getting hijacked or disrupted by a ddos attack?


i hope none use it for the latter, as it will not help.  more and
more use it for the former.  why?  becuase they perceived the need
to solve an immediate problem, a weakness in a vendor's code.


Where ingress filters don't help, of course, is when the attacks come from 
an apparently-legitimate address.


many folk see that this is the vast majority of the cases.  hence,
one reason for the lack of adoption of rfc 2827

randy
Previous By Date Next
Previous By Thread Next

Current thread: