[29987] in North American Network Operators' Group
Re: MD5 in BGP4
daemon@ATHENA.MIT.EDU (Danny McPherson)
Wed Jul 12 12:10:56 2000
Message-Id: <200007121609.KAA09225@tcb.net>
To: nanog@merit.edu
From: Danny McPherson <danny@tcb.net>
Reply-To: danny@tcb.net
Date: Wed, 12 Jul 2000 10:09:48 -0600
Errors-To: owner-nanog-outgoing@merit.edu
The primary goal of the BGP MD5 signature option is
to protect the TCP substrate from introduction of
spoofed TCP segments such as TCP RSTs. These segments
could easily be injected from anywhere on the Internet.
Lots of service providers employ the TCP MD5 signature
option stuff to protect both internal and external BGP
sessions in their networks. It really doesn't matter
if the neighbors are directly connected or not, BGP
rides on IP and is therefore vulnerable to "packet bombs"
and the like from anywhere, regardless of whether the
peer is internal, external or external multi-hop.
Exploiting such a vulnerability is trivial, actually, in
any of these configurations. All one needs to know is a
tiny amount of information associated with the BGP session.
Though MD5 clearly isn't perfect, it does make it
considerably more difficult.
Using MD5 stuff with IP-based protocols such as BGP & OSPF
is strongly advised. Obviously, IS-IS and similar protocols
are less vulnerable.
-danny
> BGP is a TCP based protocol and is normally run only to an adjacent
> peer. This combination makes it very hard to break into. You have to
> have another system on the shared media send a spoofed packet with
> bogus information that fits the TCP stream and the BGP status for that
> peering (and many BGP connections are point-to-point, making even
> this impossible).
>
> Multi-hop BGP is a different beast and much more likely to be subject
> to attack, but it's also pretty rare and such an attack would still be
> very difficult.
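The mechanism Danny describes is the TCP MD5 signature option of RFC 2385: the digest covers the IP pseudo-header, the fixed TCP header, the payload and a shared key, so a receiver configured with the key drops any segment (including an RST) whose option is missing or was computed without that key. The following is an added illustration, not code from the thread or from any router vendor; the addresses, ports, sequence numbers and key are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
TCP_RST, TCP_ACK = 0x04, 0x10
# Constructed sample session (not a real peering); both ends share this key.
SRC_IP, DST_IP, SPORT, DPORT = "192.0.2.1", "192.0.2.2", 179, 40000
SHARED_KEY = b"constructed-example-key"

def build_tcp_header(sport, dport, seq, ack, flags, window=16384, hdr_words=10):
    # 20-byte fixed TCP header. hdr_words=10 declares a 40-byte header, i.e.
    # room for the 18-byte MD5 option (kind 19) plus two NOP padding bytes.
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (hdr_words << 12) | flags, window, 0, 0)

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    # RFC 2385: MD5 over pseudo-header, fixed TCP header (options excluded,
    # checksum taken as zero), segment data, then the key.
    hdr = bytearray(tcp_header[:20])
    seg_len = (hdr[12] >> 4) * 4 + len(payload)   # header incl. options + data
    hdr[16:18] = b"\x00\x00"                        # checksum field zeroed
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, TCP_PROTO, seg_len)
    return hashlib.md5(pseudo + bytes(hdr) + payload + key).digest()

def receiver_accepts(src_ip, dst_ip, tcp_header, payload, key, presented):
    # A receiver with the option configured discards a segment whose
    # signature is absent or does not verify; that is what blocks the RST.
    if presented is None or len(presented) != 16:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, presented)

def demo():
    # The real peer tears the session down: correct 5-tuple, seq/ack and key.
    rst = build_tcp_header(SPORT, DPORT, seq=1000, ack=2000, flags=TCP_RST | TCP_ACK)
    good = tcp_md5_digest(SRC_IP, DST_IP, rst, b"", SHARED_KEY)
    # An off-path sender may learn the 5-tuple and sequence numbers (the
    # "tiny amount of information") but not the key, so its digest fails.
    bad = tcp_md5_digest(SRC_IP, DST_IP, rst, b"", b"wrong-key")
    return {
        "peer_rst_accepted": receiver_accepts(SRC_IP, DST_IP, rst, b"", SHARED_KEY, good),
        "spoof_rst_accepted": receiver_accepts(SRC_IP, DST_IP, rst, b"", SHARED_KEY, bad),
        "no_option_accepted": receiver_accepts(SRC_IP, DST_IP, rst, b"", SHARED_KEY, None),
    }

if __name__ == "__main__":
    print(demo())
```

Because the pseudo-header and sequence numbers are inside the digest, the same key on a different session or a replayed segment with altered fields also fails verification.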