North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: TCP/BGP vulnerability - easier than you think
On Wed, Apr 21, 2004 at 01:00:07PM +0200, Iljitsch van Beijnum wrote: > > All things considered, I think MD5 authentication will lower the bar > > for attackers, not raise it. I'm sure code optimizations could fix > > things to some degree, but that's just not the case today. > > > Which begs the question, what is one to do, > > How about: > > access-list 123 deny tcp any any eq bgp rst log-input > access-list 123 deny tcp any eq bgp any rst log-input > > Unfortunately, not all vendors are able to look at the RST bit when > filtering... The general ignorance to the fact that SYN works as well is astonishing. :-)
|