[69857] in North American Network Operators' Group


RE: Winstar says there is no TCP/BGP vulnerability

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Wed Apr 21 00:29:52 2004

Date: Wed, 21 Apr 2004 04:26:38 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
To: Michel Py <michel@arneill-py.sacramento.ca.us>
Cc: Joe Rhett <jrhett@isite.net>,
	Rodney Joffe <rjoffe@centergate.com>, NANOG <nanog@merit.edu>
In-Reply-To: <DD7FE473A8C3C245ADA2A2FE1709D90B0DB0B4@server2003.arneill-py.sacramento.ca.us>
Errors-To: owner-nanog-outgoing@merit.edu



On Tue, 20 Apr 2004, Michel Py wrote:

>
> Please forgive me if I'm naive and/or ask a stupid question, but is
> there any reason (besides your platform not supporting it) _not_ to MD5
> your BGP sessions? Geez, on my _home_ router all my v4 BGP sessions are
> MD5ed (v6 not there yet).
>
> Michel.

There is the issue of changing the keys during operations without
impacting the network, eh? Having to bounce every BGP session in your
network can be pretty darned painful... if you change the key(s), of
course. If you don't, you might as well not have keys, since adding the
3 lines of C code required to Paul Watson's program making it do
the hashing certainly won't be a big deal, eh?

