nanog mailing list archives
Re: BCP38 making it work, solving problems
From: JP Velders <jpv () veldersjes net>
Date: Tue, 19 Oct 2004 19:14:32 +0200 (CEST)
Date: Tue, 19 Oct 2004 09:21:46 -0700 From: Randy Bush <randy () psg com> Subject: Re: BCP38 making it work, solving problems
For example, how many ISPs use TCP MD5 to limit the possibility of a BGP/TCP connection getting hijacked or disrupted by a ddos attack?
i hope none use it for the latter, as it will not help. more and more use it for the former. why? becuase they perceived the need to solve an immediate problem, a weakness in a vendor's code.
Uhm, you might need to run that by me again... Hijacking the connection is in a completely different class as someone bombarding you with a bunch of forged BGP packets to close down a session. Without that MD5 checksum you are quite vulnerable to that. I haven't seen a vendor come up with a solution to that, because the problem is on a much more vendor-neutral level... Regards, JP Velders PS: ofcourse that MD5 option also causes problems for peerings to come back "up" again if you have to reboot/reload *without* properly closing them... :( Hey, pro's and con's are part of the job ;)
Current thread:
- Re: BCP38 making it work, solving problems, (continued)
- Re: BCP38 making it work, solving problems Christopher L. Morrow (Oct 12)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 12)
- Re: BCP38 making it work, solving problems alex (Oct 12)
- Re: BCP38 making it work, solving problems Steven Champeon (Oct 12)
- Re: BCP38 making it work, solving problems alex (Oct 12)
- Re: BCP38 making it work, solving problems Suresh Ramasubramanian (Oct 12)
- Re: BCP38 making it work, solving problems Steven Champeon (Oct 13)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Fred Baker (Oct 19)
- Re: BCP38 making it work, solving problems Randy Bush (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems David G. Andersen (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Patrick W Gilmore (Oct 19)
- Re: BCP38 making it work, solving problems Jon Lewis (Oct 20)
- Re: BCP38 making it work, solving problems Joe Abley (Oct 21)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Jared Mauch (Oct 19)
- Re: BCP38 making it work, solving problems Mark Andrews (Oct 19)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 12)