[149050] in North American Network Operators' Group
Re: MD5?
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Jan 27 15:36:08 2012
In-Reply-To: <Pine.LNX.4.61.1201271531170.24418@soloth.lewis.org>
Date: Fri, 27 Jan 2012 15:35:28 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Jon Lewis <jlewis@lewis.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Jan 27, 2012 at 3:32 PM, Jon Lewis <jlewis@lewis.org> wrote:
> On Fri, 27 Jan 2012, Christopher Morrow wrote:
>
>> lots of folks still use it yes. is it helpful? maybe? maybe not? is
>> this peering over a shared media (like a 10base-T hub).
>>
>> You might point out that you'll be enabling this, then promptly
>> writing the 'secret' on a large whiteboard in your noc... because
>> chances are the config won't include it in rancid and ... you don't
>> have a place to store these securely that's not prone also to outages
>> :(
>>
>> also, customers wander through your NOC, so...
>
>
> All that may be true, but still, the random hacker in Romania who wants in
> on their BGP session won't know the secret...probably.
1) that person doesn't exist
2) they need a LOT more info about what's going on anyway
3) I bet they will get a copy of the config from at least:
a) vendor data sources
b) ebay purchases of gear
c) pwning a noc-worker and getting things done from there.
There are far better ways to skin this cat.
