North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: MD5 for TCP/BGP Sessions

  • From: Pekka Savola
  • Date: Thu Mar 31 01:25:17 2005

On Thu, 31 Mar 2005, Stephen J. Wilcox wrote:
without wishing to repeat what can be googled for.. putting acls on your edge to
protect your ebgp sessions wont work for obvious reasons -- to spoof data and
disrupt a session you have to spoof the srcip which of course the acl will allow
in
This is why this helps for eBGP sessions only the peer is also protecting its borders. I.e., if you know the peer's network has spoofing-prevention enabled, nobody is able to spoof the srcip the peer uses.

--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings