nanog mailing list archives
Re: md5 for bgp tcp sessions
From: Eric Gauthier <eric () roxanne org>
Date: Thu, 23 Jun 2005 09:57:44 -0400
Todd,
eric, all, not to pick on eric at all, but since he raised the issue...
I always assume and, frankly hope, that when I post something someone will pipe up and point out anything thats inaccurate, needs clarification, is a bad idea, etc.
likely need to make modifications to our IGP/EGP setup. Though we filter OSPF multicast traffic, we wanted to add in MD5 passwords to our neighbors.just a quick comment here. i would encourage you not to do that.
Honestly, I completely agree with you that MD5'ing our OSPF adjacencies isn't a great idea (I've so far stalled its roll-out). I strongly argued against it internally. There were, however, those in both the networking and security groups that were concerned about the OSPF vulnerabilities that were pointed out recently and were in favor of the MD5s as the mitigation method. I used the discussion as a point in favor of moving to IS-IS because, since we don't route CLNS on our campus, IS-IS would be more immune to that form of attack. I just noted the issue in my response because it was one of the reaons why we're deciding to move from OSPF to IS-IS, rather than as a recommendation. Thanks for pointing it out! Eric :)
Current thread:
- md5 for bgp tcp sessions Todd Underwood (Jun 22)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 22)
- Re: md5 for bgp tcp sessions Patrick W. Gilmore (Jun 22)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Jared Mauch (Jun 23)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 23)
- Re: md5 for bgp tcp sessions Eric Gauthier (Jun 23)
- Re: md5 for bgp tcp sessions Joe Abley (Jun 23)
- Re: md5 for bgp tcp sessions Robert E . Seastrom (Jun 23)
- <Possible follow-ups>
- RE: md5 for bgp tcp sessions Barry Greene (bgreene) (Jun 23)
- RE: md5 for bgp tcp sessions Hannigan, Martin (Jun 23)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Jared Mauch (Jun 23)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 22)