[69903] in North American Network Operators' Group
Re: Winstar says there is no TCP/BGP vulnerability
daemon@ATHENA.MIT.EDU (Patrick W.Gilmore)
Wed Apr 21 11:12:35 2004
In-Reply-To: <20040421143833.GK73451@puck.nether.net>
Cc: Patrick W.Gilmore <patrick@ianai.net>
From: Patrick W.Gilmore <patrick@ianai.net>
Date: Wed, 21 Apr 2004 11:11:57 -0400
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu

On Apr 21, 2004, at 10:38 AM, Jared Mauch wrote:
> On Wed, Apr 21, 2004 at 10:19:10AM -0400, Patrick W.Gilmore wrote:
>>
>>> Yes, it generates more work to update the database,
>>> but OTOH it provides the LIII engineer with a lot more to
>>> troubleshoot issues. Is it simply not worth the work at your scale?
>>
>> Exactly.
>>
>> And you do not have to be at 701's scale for this to not work.
>
> We've not had these issues and have been using
> bgp passwords/md5 for years. We do have a fancy configuration
> management system in place, whereby people put things into the
> database first before they configure the router.

Sorry, in this particular post, we were (or at least I was) talking
about having prefix filters for all your peers. I know I've talked a
lot about MD5 lately, just thought it would be a nice change of
subject. :)

If you do prefix filter all your peers, that is impressive. Do you get
out of sync a lot? Does it help keep the network more stable? Or do
process problems make it worse than just max-prefixes on a peer?

--
TTFN,
patrick