nanog mailing list archives

Re: Winstar says there is no TCP/BGP vulnerability


From: Patrick W.Gilmore <patrick () ianai net>
Date: Wed, 21 Apr 2004 11:11:57 -0400


On Apr 21, 2004, at 10:38 AM, Jared Mauch wrote:

On Wed, Apr 21, 2004 at 10:19:10AM -0400, Patrick W.Gilmore wrote:

Yes, it generates more work to update the database,
but OTOH it provides the LIII engineer with a lot more to troubleshoot
issues. Is it simply not worth the work at your scale?

Exactly.

And you do not have to be at 701's scale for this to not work.

        We've not had these issues and have been using
bgp passwords/md5 for years.  We do have a fancy configuration
management system in place, whereby people put things into the
database first before they configure the router.

Sorry, in this particular post, we were (or at least I was) talking about having prefix filters for all your peers. I know I've talked a lot about MD5 lately, just thought it would be a nice change of subject. :)

If you do prefix filter all your peers, that is impressive. Do you get out of sync a lot? Does it help keep the network more stable? Or do process problems make it worse than just max-prefixes on a peer?

--
TTFN,
patrick

