[74887] in North American Network Operators' Group
Re: BCP38 making it work, solving problems
daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Oct 19 12:22:24 2004
From: Randy Bush <randy@psg.com>
Date: Tue, 19 Oct 2004 09:21:46 -0700
To: Fred Baker <fred@cisco.com>
Cc: JP Velders <jpv@veldersjes.net>, Paul Vixie <vixie@vix.com>,
nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
> For example, how many ISPs use TCP MD5 to limit the possibility of a
> BGP/TCP connection getting hijacked or disrupted by a ddos attack?
i hope none use it for the latter, as it will not help. more and
more use it for the former. why? becuase they perceived the need
to solve an immediate problem, a weakness in a vendor's code.
> Where ingress filters don't help, of course, is when the attacks come from
> an apparently-legitimate address.
many folk see that this is the vast majority of the cases. hence,
one reason for the lack of adoption of rfc 2827
randy
