nanog mailing list archives

Re: IGP protocol

From: Nick Hilliard <nick () foobar org>
Date: Sun, 18 Nov 2018 11:13:12 +0000

Saku Ytti wrote on 18/11/2018 10:59:

AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care
about. But for iBGP I consider this a problem:

one of the few uses for tcp/md5 protection on bgp sessions can be foundat IXPs where if you have an participant leaving the fabric, there willoften be leftover bgp sessions configured on other routers on theexchange. Pre-configuring MD5 on BGP sessions will ensure that thesecannot be used to spoof connectivity to the old network.


Nick

Current thread:

Re: IGP protocol, (continued)
- - - Re: IGP protocol James Bensley (Nov 14)
    - Re: IGP protocol Baldur Norddahl (Nov 14)
    - SV: IGP protocol Gustav Ulander (Nov 14)
    - Re: IGP protocol James Bensley (Nov 15)
  - Re: IGP protocol Alain Hebert (Nov 13)
    - Re: IGP protocol Saku Ytti (Nov 13)
    - Re: IGP protocol Mark Tinka (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Alfie Pates (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Nick Hilliard (Nov 18)
    - Re: IGP protocol Mark Tinka (Nov 18)
    - Re: IGP protocol Grant Taylor via NANOG (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Mark Tinka (Nov 18)
    - Re: IGP protocol Saku Ytti (Nov 18)
    - Re: IGP protocol Mark Tinka (Nov 19)
- Re: IGP protocol im (Nov 14)
  - Re: IGP protocol Mark Tinka (Nov 18)
- Re: IGP protocol Tashi Phuntsho (Nov 14)
- Re: IGP protocol Randy Bush (Nov 16)

(Thread continues...)