[69938] in North American Network Operators' Group

Re: TCP/BGP vulnerability - easier than you think

daemon@ATHENA.MIT.EDU (John Kristoff)
Wed Apr 21 21:52:09 2004

Date: Wed, 21 Apr 2004 20:51:23 -0500
From: John Kristoff <jtk@northwestern.edu>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.58.0404212053030.22749@fogarty.jakma.org>
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 21 Apr 2004 21:00:55 +0100 (IST)
Paul Jakma <paul@clubi.ie> wrote:

> risk of crypto DoS than compared to the simple BGP TCP MD5 hack. The 
> risk is due to MD5, not IPSec :).

I would say the risk is due to implementation.  If the vendor's gear
vomits quicker due to a resource consumption issue in handling MD5, is
this really a problem with MD5?

These issues can usually be fixed by simply improving the scaling
properties of the implementation that may be required during adverse
conditions.

John
