|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: route authentication
On Tue, 4 Jun 2002, Joshua Wright wrote: :I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5 :auth for BGP, but have been unsuccessful so far. The most difficult :challenge I face there is convincing people of the "need" with the lack of a :published exploit that the MD5 authentication would prevent. Have you asked them how they _know_ there isn't an exploit? Tim Newshams TCP ISN randomness vulnerabilites published last year (fixed by cisco, but others are unknown) should be evidence that there is a working chunk of code for exploiting TCP sessions. :So much for best practices. <sigh> "Best practices" seldom amounts to more than a euphemism for "Lowest common denominator". ;) -- batz
|