nanog mailing list archives
Re: MD5 for TCP/BGP Sessions
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Thu, 31 Mar 2005 11:27:06 +0100 (BST)
On Thu, 31 Mar 2005, Pekka Savola wrote:
On Thu, 31 Mar 2005, Stephen J. Wilcox wrote:without wishing to repeat what can be googled for.. putting acls on your edge to protect your ebgp sessions wont work for obvious reasons -- to spoof data and disrupt a session you have to spoof the srcip which of course the acl will allow inThis is why this helps for eBGP sessions only the peer is also protecting its borders. I.e., if you know the peer's network has spoofing-prevention enabled, nobody is able to spoof the srcip the peer uses.
trusting a third party to protect your network is imho not best practice, in addition many networks may have considerable customers inside them making attacking from inside trivial Steve
Current thread:
- MD5 for TCP/BGP Sessions Doug Legge (Mar 30)
- Re: MD5 for TCP/BGP Sessions John Kristoff (Mar 30)
- Re: MD5 for TCP/BGP Sessions Pekka Savola (Mar 30)
- Re: MD5 for TCP/BGP Sessions Stephen J. Wilcox (Mar 30)
- Re: MD5 for TCP/BGP Sessions vijay gill (Mar 30)
- Re: MD5 for TCP/BGP Sessions Christopher L. Morrow (Mar 30)
- Re: MD5 for TCP/BGP Sessions vijay gill (Mar 30)
- Re: MD5 for TCP/BGP Sessions Christopher L. Morrow (Mar 30)
- Re: MD5 for TCP/BGP Sessions Pekka Savola (Mar 30)
- Re: MD5 for TCP/BGP Sessions Pekka Savola (Mar 30)
- Re: MD5 for TCP/BGP Sessions Stephen J. Wilcox (Mar 31)
- Re: MD5 for TCP/BGP Sessions Pekka Savola (Mar 31)
- Re: MD5 for TCP/BGP Sessions Eduardo Ascenco Reis (Mar 31)
- Re: MD5 for TCP/BGP Sessions John Kristoff (Mar 30)