[42505] in North American Network Operators' Group

RE: What Worked - What Didn't

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon Sep 17 14:34:06 2001

Message-Id: <5.1.0.14.2.20010917142747.02d1cca8@127.0.0.1>
Date: Mon, 17 Sep 2001 14:32:35 -0400
To: nanog@merit.edu
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <E15j2yt-000N3s-00@rip.psg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu


At 11:18 AM 9/17/2001 -0700, Randy Bush wrote:

 >no one went after the comms infrastructure.  when they do, i suspect that
 >we will find the internet is extremely vulnerable.  how many folk even
 >have md5 auth turned on their bgp peering sessions?  what naivete!

If someone can splice into my point-to-point OC system, fake being the 
router on the other end, and keep my peer from calling me and asking what 
happened, well, then I have MUCH bigger things to worry about than whether 
my BGP session is valid.  (And he probably has the capability to do 
whatever he wants, no matter how hard I try to stop him.)

As for public peering points, the ARP resolution would cause problems, and 
either I or my peer would notice pretty darned quickly.  But only a small 
percentage of the traffic on the 'Net goes over public peering points these 
days anyway.

Not sure where else anyone could use MD5 on their BGP.  Maybe I missed 
something?


 >randy

--
TTFN,
patrick

