nanog mailing list archives
Re: IGP protocol
From: Nick Hilliard <nick () foobar org>
Date: Sun, 18 Nov 2018 11:13:12 +0000
Saku Ytti wrote on 18/11/2018 10:59:
AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care about. But for iBGP I consider this a problem:
one of the few uses for tcp/md5 protection on bgp sessions can be found at IXPs where if you have an participant leaving the fabric, there will often be leftover bgp sessions configured on other routers on the exchange. Pre-configuring MD5 on BGP sessions will ensure that these cannot be used to spoof connectivity to the old network.
Nick
Current thread:
- Re: IGP protocol, (continued)
- Re: IGP protocol James Bensley (Nov 14)
- Re: IGP protocol Baldur Norddahl (Nov 14)
- SV: IGP protocol Gustav Ulander (Nov 14)
- Re: IGP protocol James Bensley (Nov 15)
- Re: IGP protocol Alain Hebert (Nov 13)
- Re: IGP protocol Saku Ytti (Nov 13)
- Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Alfie Pates (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Nick Hilliard (Nov 18)
- Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Grant Taylor via NANOG (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Saku Ytti (Nov 18)
- Re: IGP protocol Mark Tinka (Nov 19)
- Re: IGP protocol Mark Tinka (Nov 18)