North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: md5 for bgp tcp sessions

  • From: Robert E.Seastrom
  • Date: Thu Jun 23 11:52:47 2005

Eric Gauthier <[email protected]> writes:

> Honestly, I completely agree with you that MD5'ing our OSPF
> adjacencies isn't a great idea (I've so far stalled its roll-out).
> I strongly argued against it internally.  There were, however, those
> in both the networking and security groups that were concerned about
> the OSPF vulnerabilities that were pointed out recently and were in
> favor of the MD5s as the mitigation method.

passive-interface is your friend.