[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IGP protocol

Subject: IGP protocol
From: nick at foobar.org (Nick Hilliard)
Date: Sun, 18 Nov 2018 11:13:12 +0000
In-reply-to: <CAAeewD-SUwuFVQ6Zv9Ue-4KrsRZ6Hb1UC9n4w_F=QExHfy6Vcg@mail.gmail.com>
References: <CAH_tYHKhrwW3hXAig5KpzsDp+TvPwPc6dWdNeukxP=3XDv0qHA@mail.gmail.com> <[email protected]> <[email protected]> <CAAeewD_HFoupchpi_HR3ax6g6LJUif8AVp=O9S8SRP5EYmhhNQ@mail.gmail.com> <[email protected]> <CAAeewD_sdx_jB=8mGyop=kWyKSbZ+VUrw=mWkSnZ6N_aDhvOLg@mail.gmail.com> <1542535947.1541447.1580774296.7826FFBD@webmail.messagingengine.com> <CAAeewD-SUwuFVQ6Zv9Ue-4KrsRZ6Hb1UC9n4w_F=QExHfy6Vcg@mail.gmail.com>

Saku Ytti wrote on 18/11/2018 10:59:
> AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care
> about. But for iBGP I consider this a problem:

one of the few uses for tcp/md5 protection on bgp sessions can be found 
at IXPs where if you have an participant leaving the fabric, there will 
often be leftover bgp sessions configured on other routers on the 
exchange.  Pre-configuring MD5 on BGP sessions will ensure that these 
cannot be used to spoof connectivity to the old network.

Nick

Follow-Ups:
- IGP protocol
  - From: mark.tinka at seacom.mu (Mark Tinka)

References:
- IGP protocol
  - From: nanog at netfront.jp (im)
- IGP protocol
  - From: mark.tinka at seacom.mu (Mark Tinka)
- IGP protocol
  - From: ahebert at pubnix.net (Alain Hebert)
- IGP protocol
  - From: saku at ytti.fi (Saku Ytti)
- IGP protocol
  - From: mark.tinka at seacom.mu (Mark Tinka)
- IGP protocol
  - From: saku at ytti.fi (Saku Ytti)
- IGP protocol
  - From: alfie at fdx.services (Alfie Pates)
- IGP protocol
  - From: saku at ytti.fi (Saku Ytti)

Prev by Date: IGP protocol
Next by Date: IGP protocol
Previous by thread: IGP protocol
Next by thread: IGP protocol
Index(es):
- Date
- Thread