[70077] in North American Network Operators' Group
Re: Winstar says there is no TCP/BGP vulnerability
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Wed Apr 28 13:39:21 2004
To: Rodney Joffe <rjoffe@centergate.com>
Cc: Joe Rhett <jrhett@isite.net>, NANOG <nanog@merit.edu>
In-reply-to: Your message of "Wed, 28 Apr 2004 10:22:56 PDT."
<408FE870.FF8F9122@centergate.com>
Date: Wed, 28 Apr 2004 10:38:45 -0700
From: "Kevin Oberman" <oberman@es.net>
Errors-To: owner-nanog-outgoing@merit.edu
> Date: Wed, 28 Apr 2004 10:22:56 -0700
> From: Rodney Joffe <rjoffe@centergate.com>
> Sender: owner-nanog@merit.edu
>
> Joe Rhett wrote:
> >
> > You do know how to spell assumption, right?
> >
> > They might have some very good reasons why they believe it isn't an issue,
> > or that they have worked around. Why don't you ask, rather than spell?
>
> We did. They repeated their answer: We don't do MD5 currently.
I recently discovered that one router vendor out there does not support
MD5 authentication of BGP (even though it does for several other routing
protocols). If you happen to be stuck with this product, you don't do
MD5 authentication of BGP.
No, I don't know who's product this is and I'd say that anyone using one
for real work should replace it yesterday, but I also know the reality of
fork-lift upgrades and corporate purchasing rules.
> So the customer is exercising his inalienable rights.
>
> And this loss of $200k+ in revenue helps Winstar how?
Education?
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
