[56202] in North American Network Operators' Group
Re: ebgp-multihop
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Fri Feb 28 08:48:56 2003
Date: Fri, 28 Feb 2003 08:46:45 -0500 (EST)
From: alex@yuriev.com
To: David Barak <thegameiam@yahoo.com>
Cc: Iljitsch van Beijnum <iljitsch@muada.com>,
Tim Rand <randt@ohsu.edu>, nanog@merit.edu
In-Reply-To: <20030228032929.79408.qmail@web14901.mail.yahoo.com>
Errors-To: owner-nanog-outgoing@merit.edu
> eBGP multihop carries with it the implicit possiblity
> of session highjacking - in a normal (Multihop=1)
> session, the router would not be able to find a
> duplicate neighbor with the specified IP address
> directly connected. Obviously, once you're saying
> that the neighbor could be anywhere in the world,
> what's to prevent me assigning my home Macintosh with
> a second IP address and injecting whatever I want into
> your network?
Just because you assign that second IP address to your Mac does not mean
that anyone else in the world is going to see that announcement, which, in
turn, would not let you to hi-jack the session.
Alex
