nanog mailing list archives
Re: MD5 considered harmful
From: harbor235 <harbor235 () gmail com>
Date: Tue, 31 Jan 2012 08:42:22 -0500
My thoughts are that you should filter traffic routed directly to your BGP speaking devices; traffic routing through an edge device and to an edge device are treated differently.

BGP session protection using an MD5 password by itself is not securing the control plane, but it is a component of an overall secure edge posture. For example, MD5 protection, plus edge filtering policies, plus TTL security, plus ........., make for a more secure edge.

Also, it does not matter how many attempts at compromising a BGP session occur, it only takes one, so why not nail it down.

Mike

On Tue, Jan 31, 2012 at 12:39 AM, Keegan Holley <keegan.holley () sungard com> wrote:

> I suppose so but BFD certainly has a lot more moving parts than adding MD5 checksums to an existing control packet. I'm not saying everyone should turn it on or off for that matter. I just don't see what the big deal is. Most of the shops I've seen have it on because of some long forgotten engineering standard.
>
> 2012/1/30 John Kristoff <jtk () cymru com>:
>> On Fri, 27 Jan 2012 15:52:41 -0500 "Patrick W. Gilmore" <patrick () ianai net> wrote:
>>
>>> Unfortunately, Network Engineers are lazy, impatient, and frequently clueless as well.
>>
>> While the quantity of peering sessions I've had is far less than yours, once upon a time when I had tried to get MD5 on dozens of peering sessions I learned quite a bit about those engineers and those networks.
>>
>> I got to find out who couldn't do password management, who never heard of MD5 and who had been listening to Patrick. :-) All good input that informs what else I might want to do to protect myself from those networks or who I wouldn't mind having a business relationship with.
>>
>> John