nanog mailing list archives
Re: Winstar says there is no TCP/BGP vulnerability
From: "Robert E. Seastrom" <rs () seastrom com>
Date: 21 Apr 2004 11:36:41 -0400
"Christopher L. Morrow" <christopher.morrow () mci com> writes:
there is the issue of changing the keys during operations without impacting the network, eh? Having to bounce every bgp session in your network can be pretty darned painful... if you change the key(s) of course. If you don't you might as well not have keys, since adding the 3 lines of C code required to Paul Watsons' program making it do the hashing certainly won't be a big deal, eh?
I've added keys without bouncing the sessions... doesn't seem to cause any difficulties at all. You just add the password clause on both ends within the window for a BGP keepalive timeout. Worst case, this line: Milwaukee#sho ip bgp neigh 203.176.61.22 | inc md5 Flags: passive open, nagle, gen tcbs, md5 Milwaukee# is lying, and the md5 won't actually come up until some nogoodnik or bad fortune causes the session to bounce. 12.0S. ---Rob
Current thread:
- Re: Winstar says there is no TCP/BGP vulnerability, (continued)
- Re: Winstar says there is no TCP/BGP vulnerability Christopher L. Morrow (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Patrick W . Gilmore (Apr 22)
- RE: Winstar says there is no TCP/BGP vulnerability McBurnett, Jim (Apr 20)
- RE: Winstar says there is no TCP/BGP vulnerability Michel Py (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Patrick W . Gilmore (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Rob Thomas (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Patrick W . Gilmore (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability E.B. Dreger (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Alexei Roudnev (Apr 22)
- Re: Winstar says there is no TCP/BGP vulnerability Patrick W . Gilmore (Apr 20)
- RE: Winstar says there is no TCP/BGP vulnerability Christopher L. Morrow (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Robert E. Seastrom (Apr 21)
- Re: Winstar says there is no TCP/BGP vulnerability Christopher L. Morrow (Apr 21)
- RE: Winstar says there is no TCP/BGP vulnerability Christopher L. Morrow (Apr 20)
- Re: Winstar says there is no TCP/BGP vulnerability Patrick W . Gilmore (Apr 20)
- RE: Winstar says there is no TCP/BGP vulnerability Christopher L. Morrow (Apr 20)
- RE: Winstar says there is no TCP/BGP vulnerability David Luyer (Apr 21)