[29995] in North American Network Operators' Group
Re: MD5 in BGP4
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Jul 12 14:08:40 2000
From: "Steven M. Bellovin" <smb@research.att.com>
To: danny@tcb.net
Cc: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 12 Jul 2000 14:06:21 -0400
Message-Id: <20000712180621.D6C3135DC2@smb.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <200007121609.KAA09225@tcb.net>, Danny McPherson writes:
>
>
>The primary goal of the BGP MD5 signature option is
>to protect the TCP substrate from introduction of
>spoofed TCP segments such as TCP RSTs. These segments
>could easily be injected from anywhere on the Internet.
>
>Lots of service providers employ the TCP MD5 signature
>option stuff to protect both internal and external BGP
>sessions in their networks. It really doesn't matter
>if the neighbors are directly connected or not, BGP
>rides on IP and is therefore vulnerable to "packet bombs"
>and the like from anywhere, regardless of whether the
>peer is internal, external or external multi-hop.
>
>Exploiting such a vulnerability is trivial, actually, in
>any of these configurations. All one needs to know is a
>tiny amount of information associated with the BGP session.
>Though MD5 clearly isn't perfect, it does make it
>considerably more difficult.
>
>Using MD5 stuff with IP-based protocols such as BGP & OSPF
>is strongly advised. Obviously, IS-IS and similar protocols
>are less vulnerable.
Right. To learn how to hijack a TCP session, see
@inproceedings{hijack,
title = {A Simple Active Attack Against {TCP}},
author = {Laurent Joncheray},
year = 1995,
booktitle = {Proceedings of the Fifth Usenix \Unix\ Security Symposium},
address = {Salt Lake City, UT}
}
IPsec protection is even stronger than the MD5 signature option
described in RFC 2385, but 2385 is *far* better than nothing. (Btw --
since 2385 requires a TCP option, it's implemented in the stack, and
not at application level.)
--Steve Bellovin
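Added example (not part of the thread): a userland model of the RFC 2385 check that a receiving TCP stack performs on a signed BGP session. It shows why the option does what the thread says it does: a segment whose digest was not computed with the shared key, or that carries no option at all, is rejected before it can reset the session, and any in-flight change to the fixed header (sequence number, flags) breaks the digest too. The digest input follows RFC 2385 as I recall it (pseudo-header, fixed header with checksum zeroed and options excluded, data, then the key); the key, ports, sequence numbers and payload are constructed, and the addresses are RFC 5737 documentation addresses.

```python
import hashlib
import hmac
import socket
import struct

# Constants from RFC 2385 (TCP MD5 Signature Option)
TCP_PROTO = 6
TCPOPT_MD5SIG = 19        # option kind for the MD5 signature
TCPOLEN_MD5SIG = 18       # kind(1) + length(1) + 16-byte digest
TCPOPT_NOP = 1
FLAG_RST = 0x04
FLAG_ACK = 0x10


def fixed_header(src_port, dst_port, seq, ack, flags, offset_words):
    """20-byte fixed TCP header with checksum = 0, which is what RFC 2385 hashes."""
    offset_and_flags = (offset_words << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_and_flags, 65535, 0, 0)


def rfc2385_digest(src_ip, dst_ip, fixed_hdr, seg_len, payload, key):
    """MD5 over: pseudo-header, fixed header (no options, checksum 0), data, key."""
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, TCP_PROTO, seg_len)
    return hashlib.md5(pseudo + fixed_hdr + payload + key).digest()


def sign_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, payload, key):
    """Sender side: build a segment carrying the MD5 option (plus two NOPs of padding)."""
    opt_len = TCPOLEN_MD5SIG + 2
    offset_words = (20 + opt_len) // 4
    hdr = fixed_header(src_port, dst_port, seq, ack, flags, offset_words)
    seg_len = 20 + opt_len + len(payload)
    digest = rfc2385_digest(src_ip, dst_ip, hdr, seg_len, payload, key)
    option = bytes([TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + digest + bytes([TCPOPT_NOP, TCPOPT_NOP])
    return hdr + option + payload


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: recompute the digest and compare it with the one in the option.
    A segment with no option, or with a mismatching digest, is dropped (returns False)."""
    hdr_len = (segment[12] >> 4) * 4
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]   # zero the checksum field
    options, payload = segment[20:hdr_len], segment[hdr_len:]
    carried = None
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                 # end of option list
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        length = options[i + 1]
        if kind == TCPOPT_MD5SIG and length == TCPOLEN_MD5SIG:
            carried = options[i + 2:i + 18]
        i += length
    if carried is None:
        return False
    expected = rfc2385_digest(src_ip, dst_ip, fixed, len(segment), payload, key)
    return hmac.compare_digest(carried, expected)


def scenario():
    """Constructed session: one genuine signed segment versus segments the stack must reject."""
    key = b"constructed-shared-secret"          # assumed shared key, constructed for the example
    a, b = "192.0.2.1", "192.0.2.2"             # RFC 5737 documentation addresses
    seq, ack = 0x11223344, 0x55667788
    genuine = sign_segment(a, b, 179, 40000, seq, ack, FLAG_ACK, b"constructed-bgp-data", key)

    # RST that matches addresses, ports and sequence numbers but was not produced with the key
    unsigned_rst = fixed_header(179, 40000, seq, ack, FLAG_RST | FLAG_ACK, 5)
    wrong_key_rst = sign_segment(a, b, 179, 40000, seq, ack, FLAG_RST | FLAG_ACK, b"", b"guess")

    # Genuine segment altered in flight (one bit of the sequence number flipped)
    tampered = bytearray(genuine)
    tampered[4] ^= 0x01

    return {
        "genuine": verify_segment(a, b, genuine, key),
        "unsigned_rst": verify_segment(a, b, unsigned_rst, key),
        "wrong_key_rst": verify_segment(a, b, wrong_key_rst, key),
        "tampered": verify_segment(a, b, bytes(tampered), key),
    }


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name:14s} accepted={accepted}")
```

Only the genuine segment is accepted. As the reply notes, the real check runs inside the kernel TCP stack because the digest is carried as a TCP option; the userland model above just reproduces the computation. Note also that RFC 2385 appends the raw key to the hashed data rather than using an HMAC construction, one of the reasons it was later obsoleted by TCP-AO (RFC 5925).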