nanog mailing list archives
Re: route authentication
From: Sean Donelan <sean () donelan com>
Date: Tue, 4 Jun 2002 03:41:45 -0400 (EDT)
On Mon, 3 Jun 2002, Barbara Fraser wrote:
I'm wondering just how many ISPs are using HMAC-MD5 to authenticate IS-IS route advertisements within their ASs, or MD5 on BGP peering sessions? I don't need a real number, just a sense of the community. Is usage increasing? is it dead? is it regional? etc. Any anecdotal info you have is appreciated. I don't need names of ISPs, just whether or not these technologies are being used.
Some ISPs are practically religious about using them, usually the result of a single person at the ISP pushing it. But for the most part it hasn't really taken hold in the professional security consulting field. They are still stuck on stuff like turning off classless (CIDR) IP routing and source routing because the NSA said so. My experience (before this spring) was a handful of ISPs (single digits) regularly used MD5 on their routers for BGP routing. On a case by case basis you can get most ISPs to setup MD5 on your particular BGP session, once you found the right engineer. But it was rarely included as part of the default configuration, and therefor rarely done.
Current thread:
- route authentication Barbara Fraser (Jun 03)
- Re: route authentication Sean Donelan (Jun 04)
- Re: route authentication batz (Jun 04)
- Re: route authentication Richard A Steenbergen (Jun 04)
- Re: route authentication Rodney Thayer (Jun 04)
- Re: route authentication batz (Jun 04)
- <Possible follow-ups>
- RE: route authentication Joshua Wright (Jun 04)
- RE: route authentication batz (Jun 04)
- RE: route authentication Sean Donelan (Jun 04)
- Re: route authentication Sean Donelan (Jun 04)