nanog mailing list archives
Re: md5 for bgp tcp sessions
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Thu, 23 Jun 2005 00:32:27 -0400
On Jun 23, 2005, at 12:14 AM, Richard A Steenbergen wrote:
Just please realize that this is a trivial layer of security, an extra little bit of insurance to make it harder to alter the packets in flight or screw with the delivery protocol, and as such the key is not a state secret. I am going to seriously hurt the next person who wants to exchange phone numbers via pgp encrypted email so that we can have a conference call to set up a meeting where we can whisper MD5 keys to each other in pig latin while standing under the god damned cone of silence and then shoot the engineers who configured it on the router afterwards.
It's not just trivial, it's nearly useless. Would someone please raise their hand if they have ever seen this attack in the wild? Anyone?
Seems the TTL hack is much more effective at guarding against this sort of thing, doesn't require "secrets", far less CPU intensive, easier to configure, etc., etc., etc.
Want security? I suggest you use something that has more benefit than cost.
-- TTFN, patrick