[69964] in North American Network Operators' Group
Re: Winstar says there is no TCP/BGP vulnerability
daemon@ATHENA.MIT.EDU (James)
Thu Apr 22 15:33:51 2004
Date: Thu, 22 Apr 2004 15:33:14 -0400
From: James <haesu@towardex.com>
To: Alexei Roudnev <alex@relcom.net>
Cc: Rodney Joffe <rjoffe@centergate.com>, NANOG <nanog@merit.edu>
In-Reply-To: <009b01c42839$8390fa60$6401a8c0@alexh>
Errors-To: owner-nanog-outgoing@merit.edu
Anti-spoofing filtering won't help you with your eBGP peer if the packet
is spoofed to your peer's address and hits the peering interface. Try
adding GTSM with anti-spoofing. Makes it far harder.
-J
On Thu, Apr 22, 2004 at 12:14:55AM -0700, Alexei Roudnev wrote:
>
> If they do proper anti-spoofing filtering, there is no need for MD5.
>
>
> >
> > Perhaps we are all making too much of this...
> >
> > It appears that Winstar feels that there is no need for MD5
> > authentication of peering sessions. One of our customers has just had
> > the following response from Winstar following a request to implement MD5
> > on their OC3 connection to Winstar. My first suggestion is to locate
> > another upstream provider (they have 3 already).
> >
> > However, perhaps someone from Winstar would care to help us all
> > understand what the alternative solution is to securing the session via
> > MD5? I would *love* an alternative to the 5 days of work we've just gone
> > through.
> >
> > > -----Original Message-----
> > > From: Justin Crawford - NMCW Engineer [mailto:jcrawford@winstar.net]
> > > Sent: Tuesday, April 20, 2004 11:13 AM
> > > To: xxxxxx
> > > Subject: Re: *****SPAM***** MD5 implimentation on BGP
> > >
> > > xxxxx,
> > >
> > > Winstar does not currently run MD5 authentication with our peers.
> > >
> > > Thanks
> > >
> > > Justin
> > >
> > > Thank you for your time and business
> > >
> > > Justin Crawford
> > > Winstar NMCW
> > > Ph: 206-xxx.xxxx
> >
> > Has anyone else run into this with Winstar?
> >
> > --
> > Rodney Joffe
> > CenterGate Research Group, LLC.
> > http://www.centergate.com
> > "Technology so advanced, even we don't understand it!"(SM)
--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing
james@towardex.com Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
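
The filtering decision discussed in the reply above, as an added example that is not part of the original message: an ingress anti-spoofing check and a GTSM TTL check applied to packets arriving on the peering interface. The addresses, prefixes, hop count and sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All addresses are constructed (RFC 5737 documentation ranges).
PEER = ip_address("192.0.2.1")                  # assumed eBGP peer
OUR_PREFIXES = [ip_network("198.51.100.0/24")]  # assumed local address space
BGP_PORT = 179
GTSM_HOPS = 1                                   # peer is directly connected


@dataclass
class Packet:
    src: str
    sport: int
    dport: int
    ttl: int      # TTL as received on the peering interface


def antispoof_permits(pkt: Packet) -> bool:
    """Ingress anti-spoofing: drop sources inside our own prefixes."""
    src = ip_address(pkt.src)
    return not any(src in net for net in OUR_PREFIXES)


def gtsm_permits(pkt: Packet) -> bool:
    """GTSM (RFC 5082): the peer sends TTL 255, and every router on the
    path decrements it, so accept only TTL >= 255 - (hops - 1)."""
    is_bgp_from_peer = (ip_address(pkt.src) == PEER
                        and BGP_PORT in (pkt.sport, pkt.dport))
    if not is_bgp_from_peer:
        return True   # GTSM only guards the protected session
    return pkt.ttl >= 255 - (GTSM_HOPS - 1)


def verdict(pkt: Packet) -> str:
    if not antispoof_permits(pkt):
        return "dropped by anti-spoofing"
    if not gtsm_permits(pkt):
        return "dropped by GTSM"
    return "accepted"


# Constructed sample packets.
SAMPLES = {
    "real peer, one hop": Packet("192.0.2.1", 179, 40000, 255),
    "peer address forged six routers away": Packet("192.0.2.1", 40000, 179, 249),
    "our own prefix forged": Packet("198.51.100.7", 40000, 179, 250),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {verdict(pkt)}")
```

The forged peer address passes the anti-spoofing check because that source is expected on the peering interface; only the TTL check separates it from the real peer. A sender on the same link as the peer can still emit TTL 255, so GTSM narrows the exposure to directly attached hosts and does not remove it.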