North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: TCP/BGP vulnerability - easier than you think

  • From: John Kristoff
  • Date: Wed Apr 21 21:53:51 2004

On Wed, 21 Apr 2004 21:00:55 +0100 (IST)
Paul Jakma <[email protected]> wrote:

> risk of crypto DoS than compared to the simple BGP TCP MD5 hack. The 
> risk is due to MD5, not IPSec :).

I would say the risk is due to implementation.  If the vendor's gear
vomits quicker due to a resource consumption issue in handling MD5, is
this really a problem with MD5?

These issues can usually be fixed by simply improving the scaling
properties of the implementation that may be required during adverse
conditions.

John