[48420] in North American Network Operators' Group
RE: route authentication
daemon@ATHENA.MIT.EDU (batz)
Tue Jun 4 10:47:52 2002
Date: Tue, 4 Jun 2002 10:37:30 -0400 (EDT)
From: batz <batsy@vapour.net>
To: Joshua Wright <Joshua.Wright@jwu.edu>
Cc: "'Barbara Fraser'" <byfraser@cisco.com>, nanog@merit.edu
In-Reply-To: <415D42EC88D4D411A128009027AF978C03A5F630@gaspee.jwu.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 4 Jun 2002, Joshua Wright wrote:
:I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5
:auth for BGP, but have been unsuccessful so far. The most difficult
:challenge I face there is convincing people of the "need" with the lack of a
:published exploit that the MD5 authentication would prevent.
Have you asked them how they _know_ there isn't an exploit?
Tim Newsham's TCP ISN randomness vulnerabilities published last year
(fixed by Cisco, but others are unknown) should be evidence that
there is a working chunk of code for exploiting TCP sessions.
:So much for best practices. <sigh>
"Best practices" seldom amounts to more than a euphemism
for "Lowest common denominator". ;)
--
batz