Winstar says there is no TCP/BGP vulnerability

[Rodney Joffe <rjoffe () centergate com>]

Perhaps we are all making too much of this...

It appears that Winstar feels that there is no need for MD5
authentication of peering sessions. One of our customers has just had
the following response from Winstar following a request to implement MD5
on their OC3 connection to Winstar. My first suggestion is to locate
another upstream provider (they have 3 already).

However, perhaps someone from Winstar would care to help us all
understand what the alternative solution is to securing the session via
MD5? I would *love* an alternative to the 5 days of work we've just gone
through.

> -----Original Message-----
> From: Justin Crawford - NMCW Engineer [mailto:jcrawford () winstar net]
> Sent: Tuesday, April 20, 2004 11:13 AM
> To: xxxxxx
> Subject: Re: *****SPAM***** MD5 implimentation on BGP
>
> xxxxx,
>
> Winstar does not currently run MD5 authentication with our peers.
>
> Thanks
>
> Justin
>
> Thank you for your time and business
>
> Justin Crawford
> Winstar NMCW
> Ph: 206-xxx.xxxx

Has anyone else run in to this with Winstar?

-- 
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(SM)