North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: route authentication
On Mon, 3 Jun 2002, Barbara Fraser wrote: > I'm wondering just how many ISPs are using HMAC-MD5 to authenticate IS-IS > route advertisements within their ASs, or MD5 on BGP peering sessions? I > don't need a real number, just a sense of the community. Is usage > increasing? is it dead? is it regional? etc. Any anecdotal info you have is > appreciated. I don't need names of ISPs, just whether or not these > technologies are being used. Some ISPs are practically religious about using them, usually the result of a single person at the ISP pushing it. But for the most part it hasn't really taken hold in the professional security consulting field. They are still stuck on stuff like turning off classless (CIDR) IP routing and source routing because the NSA said so. My experience (before this spring) was a handful of ISPs (single digits) regularly used MD5 on their routers for BGP routing. On a case by case basis you can get most ISPs to setup MD5 on your particular BGP session, once you found the right engineer. But it was rarely included as part of the default configuration, and therefor rarely done.
|