North American Network Operators Group


Re: What Worked - What Didn't

  • From: Valdis.Kletnieks
  • Date: Mon Sep 17 14:49:15 2001

On Mon, 17 Sep 2001 14:32:35 EDT, "Patrick W. Gilmore" <[email protected]>  said:
> If someone can splice into my point-to-point OC system, fake being the 
> router on the other end, and keep my peer from calling me and asking what 

You *do* do ingress and egress filtering of your own addresses, and have checked
that your router does in fact use cryptographically challenging sequence
numbers, right?

And even if you don't, using MD5 is not *that* expensive (or shouldn't be),
and provides security in depth.

Unfortunately, I'll bet there's a LOT of routers that don't have filtering
in place, don't have good sequence numbers, and don't use MD5.  Enough said...
-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
