nanog mailing list archives

Re: tcp md5 bgp attacks?


From: Job Snijders <job () ntt net>
Date: Wed, 15 Aug 2018 01:36:02 +0200

On Tue, Aug 14, 2018 at 05:28:13PM -0600, Grant Taylor via NANOG wrote:
> On 08/14/2018 03:38 PM, Randy Bush wrote:
>> so we started to wonder if, since we started protecting our bgp
>> sessions with md5 (in the 1990s), are there still folk trying to
>> attack?
>
> n00b response here
>
> I thought using ACLs or otherwise protecting the BGP endpoint was best
> practice.  Thus it's really hard to even try to break an MD5 protected
> BGP session if you can't even establish the TCP connection.
>
> Everything that I've seen or set up had an ACL to only allow the
> peer(s) to be able to connect to (from memory) TCP port 179.
>
> Is there something that I've missed the boat on?
>
> #learningOpportunity

To further harden your setup, consider using GTSM

    https://tools.ietf.org/html/rfc5082

Kind regards,

Job
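
Added example, not part of the message above: one way an endpoint on Linux can apply the GTSM check from RFC 5082 to its own TCP socket, using the IP_TTL and IP_MINTTL socket options. The helper names (gtsm_min_ttl, gtsm_accepts, gtsm_apply, ip_opt) and the routers_between parameter are hypothetical, and the sample TTL values are constructed.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_MINTTL
#define IP_MINTTL 21 /* Linux value; assumed here for headers that lack it */
#endif
#define GTSM_SEND_TTL 255 /* RFC 5082: the sender always uses the maximum TTL */

/* Lowest TTL to accept when `routers_between` routers sit between the peers
 * (0 = directly connected); each router decrements TTL by one. -1 on bad input. */
int gtsm_min_ttl(int routers_between) {
    if (routers_between < 0 || routers_between >= GTSM_SEND_TTL) return -1;
    return GTSM_SEND_TTL - routers_between;
}

/* Models the receive-side decision the kernel makes once IP_MINTTL is set. */
int gtsm_accepts(int rx_ttl, int min_ttl) { return rx_ttl >= min_ttl; }

/* Send with TTL 255 and drop anything arriving below min_ttl. 0 on success. */
int gtsm_apply(int fd, int min_ttl) {
    int ttl = GTSM_SEND_TTL;
    if (min_ttl < 1 || min_ttl > 255) return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0) return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_MINTTL, &min_ttl, sizeof min_ttl) < 0) return -1;
    return 0;
}

/* Read an integer IP-level socket option back, or -1 on error. */
int ip_opt(int fd, int opt) {
    int v = -1;
    socklen_t len = sizeof v;
    return getsockopt(fd, IPPROTO_IP, opt, &v, &len) < 0 ? -1 : v;
}

int main(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int min_ttl = gtsm_min_ttl(0); /* directly connected peer */
    if (fd < 0 || gtsm_apply(fd, min_ttl) < 0) { perror("gtsm"); return 1; }
    printf("send TTL %d, minimum accepted TTL %d\n", ip_opt(fd, IP_TTL), ip_opt(fd, IP_MINTTL));
    /* Constructed cases: a neighbour's packet (255) vs. one that crossed a router (254). */
    printf("ttl 255 -> %s, ttl 254 -> %s\n", gtsm_accepts(255, min_ttl) ? "accept" : "drop",
           gtsm_accepts(254, min_ttl) ? "accept" : "drop");
    close(fd);
    return 0;
}
```

Both peers have to send with TTL 255 for this to work; enabling the minimum-TTL check on only one side drops a peer that still sends with a lower TTL.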

