North American Network Operators Group

Re: MD5 in BGP4
In message <[email protected]>, Danny McPherson writes:

> The primary goal of the BGP MD5 signature option is
> to protect the TCP substrate from introduction of
> spoofed TCP segments such as TCP RSTs. These segments
> could easily be injected from anywhere on the Internet.
>
> Lots of service providers employ the TCP MD5 signature
> option stuff to protect both internal and external BGP
> sessions in their networks. It really doesn't matter
> if the neighbors are directly connected or not, BGP
> rides on IP and is therefore vulnerable to "packet bombs"
> and the like from anywhere, regardless of whether the
> peer is internal, external or external multi-hop.
>
> Exploiting such a vulnerability is trivial, actually, in
> any of these configurations. All one needs to know is a
> tiny amount of information associated with the BGP session.
> Though MD5 clearly isn't perfect, it does make it
> considerably more difficult.
>
> Using MD5 stuff with IP-based protocols such as BGP & OSPF
> is strongly advised. Obviously, IS-IS and similar protocols
> are less vulnerable.

Right. To learn how to hijack a TCP session, see

@inproceedings{hijack,
  title = {A Simple Active Attack Against {TCP}},
  author = {Laurent Joncheray},
  year = 1995,
  booktitle = {Proceedings of the Fifth Usenix \Unix\ Security Symposium},
  address = {Salt Lake City, UT}
}

IPsec protection is even stronger than the MD5 signature option described in RFC 2385, but 2385 is *far* better than nothing. (Btw -- since 2385 requires a TCP option, it's implemented in the stack, and not at application level.)

--Steve Bellovin
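The mechanism both posts refer to, worked through as an added example that is not part of the original thread: RFC 2385 defines the TCP MD5 Signature Option (option kind 19, 18 bytes) as an MD5 over the TCP pseudo-header, the fixed TCP header with its checksum taken as zero, the payload, and the shared key, in that order, with TCP options excluded from the hash. The code below builds a segment carrying that option and shows the receiver-side check that makes "packet bombs" from a third party fail: a RST with the correct 4-tuple and sequence numbers but no key, a RST carrying no option at all, and a one-bit change to a signed keepalive are all rejected. Addresses, ports, sequence numbers, the key and the keepalive payload are constructed sample values; the TCP checksum is left at zero, since a real stack fills it in after signing and the digest does not depend on it.

```python
# Added example (not from the NANOG thread): RFC 2385 TCP MD5 Signature Option,
# signing and verifying a TCP segment. All session values are constructed.
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

TCP_MD5_OPTION_KIND = 19  # option kind assigned to the TCP MD5 Signature Option
TCP_MD5_OPTION_LEN = 18   # kind (1) + length (1) + 16-byte MD5 digest
PROTO_TCP = 6
FLAG_RST, FLAG_PSH, FLAG_ACK = 0x04, 0x08, 0x10


def tcp_md5_digest(src_ip, dst_ip, fixed_header, options, payload, key):
    """RFC 2385 section 2 digest: pseudo-header, fixed TCP header with checksum
    taken as zero, payload, then key. Options are not hashed, but they count
    toward the TCP length carried in the pseudo-header."""
    if len(fixed_header) != 20:
        raise ValueError("fixed TCP header must be 20 bytes")
    tcp_length = len(fixed_header) + len(options) + len(payload)
    pseudo_header = (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
                     + struct.pack("!BBH", 0, PROTO_TCP, tcp_length))
    header_zero_cksum = fixed_header[:16] + b"\x00\x00" + fixed_header[18:]
    return hashlib.md5(pseudo_header + header_zero_cksum + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                  payload=b"", key=None):
    """Build a TCP segment (no IP header); attach the MD5 option when a key is given.
    The checksum field stays zero here (a real stack computes it after signing)."""
    options = b""
    if key is not None:
        # two NOPs pad the 18-byte option to a 32-bit boundary; digest is filled in below
        options = b"\x01\x01" + bytes([TCP_MD5_OPTION_KIND, TCP_MD5_OPTION_LEN]) + b"\x00" * 16
    data_offset_words = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        (data_offset_words << 12) | flags, window, 0, 0)
    if key is not None:
        digest = tcp_md5_digest(src_ip, dst_ip, fixed, options, payload, key)
        options = options[:4] + digest
    return fixed + options + payload


def parse_options(segment):
    """Return ({kind: value}, data_offset_bytes); raise ValueError if malformed."""
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    opts, i, found = segment[20:data_offset], 0, {}
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # NOP
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        found[kind] = opts[i + 2:i + length]
        i += length
    return found, data_offset


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: accept only a segment whose MD5 option matches under `key`.
    A segment with no option is dropped, as RFC 2385 requires once signing is
    configured for the connection."""
    try:
        opts, data_offset = parse_options(segment)
    except (ValueError, IndexError):
        return False
    signature = opts.get(TCP_MD5_OPTION_KIND)
    if signature is None or len(signature) != 16:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, segment[:20], segment[20:data_offset],
                              segment[data_offset:], key)
    return hmac.compare_digest(signature, expected)


# Constructed sample session: RFC 5737 documentation addresses, BGP port 179.
KEY = b"constructed-session-key"
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"
BGP_KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"  # 16-byte marker, length 19, type 4


def demo():
    """Returns (signed keepalive accepted, RST without the key rejected,
    RST with no option rejected, tampered keepalive rejected)."""
    args = (PEER_A, PEER_B, 179, 40000, 1000, 2000)
    good = build_segment(*args, FLAG_PSH | FLAG_ACK, 65535, BGP_KEEPALIVE, key=KEY)
    wrong_key = build_segment(*args, FLAG_RST | FLAG_ACK, 0, key=b"not-the-key")
    no_option = build_segment(*args, FLAG_RST | FLAG_ACK, 0)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])  # flip one payload bit
    return tuple(verify_segment(PEER_A, PEER_B, s, KEY)
                 for s in (good, wrong_key, no_option, tampered))


if __name__ == "__main__":
    print(demo())  # (True, False, False, False)
```

Note that RFC 2385 is a plain MD5 over data followed by the key, not an HMAC, which is part of what "MD5 clearly isn't perfect" refers to; the constant-time comparison in `verify_segment` is this example's choice, not something the RFC specifies.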