nanog mailing list archives

Re: tcp md5 bgp attacks?


From: Garrett Skjelstad <garrett () skjelstad org>
Date: Sun, 19 Aug 2018 14:36:34 -0700

Nah, they aren't asking about the other things, and only the order of
operations, which varies per vendor, will matter.

If I am reading correctly, they aren't asking about only successful MD5
attacks, but MD5 attacks in general.

All the rest of your listed security configurations would be 'extra' router
demographics.

-Garrett

On Wed, Aug 15, 2018, 06:43 Lotia, Pratik M <Pratik.Lotia () charter com>
wrote:

Just to point out -
Data about md5 attacks from various organizations will depend on a number
of factors such as -
Is BGP TTL Security check being done?
Are anti-spoofing ACLs enabled?
uRPF enabled? Strict or Loose?
BGP Session over a separate interface (tunnel)?



With Gratitude,


Pratik Lotia  |  Security Engineer  | Advanced Engineering Security
Charter Communications

"A satisfied customer is the best business strategy of all."

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Randy Bush
Sent: Tuesday, August 14, 2018 3:39 PM
To: North American Network Operators' Group
Subject: tcp md5 bgp attacks?

so we started to wonder if, since we started protecting our bgp
sessions with md5 (in the 1990s), are there still folk trying to
attack?

we were unable to find bgp mib counters.  there are igp interface
counters, but that was not our immediate interest.  we did find
that md5 failures are logged.

looking at my logs for a few years, i find essentially nothing;
two 'attackers,' one my own ibgp peer, and one that noted evildoer
rob thomas, bgprs01.ord08.cymru.com.

we would be interested in data from others.

note that we are neither contemplating nor suggesting removing md5
from [y]our bgp sessions.

randy
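
An added example, not part of the thread: one way to get the per-source MD5 failure counts asked about above out of router syslog, separating configured peers (typically a key mismatch, as with the iBGP peer mentioned) from unknown sources. The Cisco IOS-style `%TCP-6-BADAUTH` line format is an assumption, and the sample lines, addresses and `CONFIGURED_PEERS` set are constructed.

```python
import re
from collections import Counter

# Assumed Cisco IOS-style message; other vendors log MD5 failures differently.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH: (No|Invalid) MD5 digest from "
    r"(\d+\.\d+\.\d+\.\d+)\((\d+)\) to (\d+\.\d+\.\d+\.\d+)\((\d+)\)"
)

# Constructed sample lines using documentation addresses, not real data.
SAMPLE_LOG = """\
Aug 14 03:12:01 rtr1 %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.1(179) to 192.0.2.2(41022)
Aug 14 03:12:31 rtr1 %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.1(179) to 192.0.2.2(41022)
Aug 14 09:40:17 rtr1 %TCP-6-BADAUTH: No MD5 digest from 198.51.100.7(52311) to 192.0.2.2(179)
Aug 14 09:41:00 rtr1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
"""

# Hypothetical: neighbor addresses taken from the router's BGP configuration.
CONFIGURED_PEERS = {"192.0.2.1"}


def tally_md5_failures(log_text, peers):
    """Count MD5 failures keyed by (source IP, failure kind, origin class)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BADAUTH.search(line)
        if not m:
            continue  # not an MD5 failure line
        kind = "invalid-digest" if m.group(1) == "Invalid" else "no-digest"
        src = m.group(2)
        # A failure from a configured peer usually means a key mismatch.
        origin = "configured-peer" if src in peers else "unknown-source"
        counts[(src, kind, origin)] += 1
    return counts


def unknown_sources(counts):
    """Sources that failed MD5 and are not configured neighbors."""
    return sorted({src for (src, _, origin) in counts if origin == "unknown-source"})


if __name__ == "__main__":
    result = tally_md5_failures(SAMPLE_LOG, CONFIGURED_PEERS)
    for (src, kind, origin), n in sorted(result.items()):
        print(f"{src:15} {kind:15} {origin:16} {n}")
    print("review:", unknown_sources(result))
```

Counts from such a tally only cover packets that reached the MD5 check; whether TTL security, ACLs or uRPF drop traffic first depends on the platform's order of operations.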


