nanog mailing list archives
Re: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability
From: Andy Dills <andy () xecu net>
Date: Tue, 20 Apr 2004 17:51:11 -0400 (EDT)
On Tue, 20 Apr 2004, John Brown (CV) wrote:
Seems Xspedius aka E.SPire aka ACSI doesn't feel that MD5 is important on their BGP sessions either. Based on the ticket we filed last week, Managment does not feel its warranted to make these changes.
I dunno...to me, this falls on the side of "wait until I see my BGP sessions reset randomly before I get concerned". So I see where they're coming from. As far as I can tell, from the well reasoned responses from Richard and Patrick, it just won't get exploited quickly enough to cause a route to get dampened. And since no privileged access is gained, the chances of somebody actually bothering to write an effective exploit is minimal. As others have pointed out, you may as well just flood the router and kick it over that way, and they already have tools for that. I think MD5 violates the KISS principle for something as important as BGP. Not that it's difficult to implement on a small scale, just that it creates an additional knob for other people to break, and something else for the CPU to chew on (making it easier to take down, likely). Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 ---
Current thread:
- Winstar says there is no TCP/BGP vulnerability Rodney Joffe (Apr 20)
- Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability John Brown (CV) (Apr 20)
- Re: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability Andy Dills (Apr 20)
- Re: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability Richard A Steenbergen (Apr 20)
- Re: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability Charles Sprickman (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability Joe Rhett (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Rodney Joffe (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Dan Hollis (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability James (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability E.B. Dreger (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability Pekka Savola (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability E.B. Dreger (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability Rodney Joffe (Apr 20)
- Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGP vulnerability John Brown (CV) (Apr 20)