[79198] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: MD5 for TCP/BGP Sessions

daemon@ATHENA.MIT.EDU (Eduardo Ascenco Reis)
Thu Mar 31 17:47:05 2005

In-Reply-To: <Pine.LNX.4.61.0503312041590.26294@netcore.fi> 
From: "Eduardo Ascenco Reis" <eduardo@intron.com.br>
To: nanog@merit.edu
Date: Thu, 31 Mar 2005 18:46:50 -0300
Errors-To: owner-nanog@merit.edu

Dear Fellows, 

a simple configuration that can help to improve security on BGP tcp sessions 
is to establish it using ip loopback address on both sides, even in 
situations with only one link between routers. By doing that the ip address 
used are hidden from traceroute tools discovery. 

Also the ip address used can be no routeable outside both routers, which 
will naturally block ip traffic against the BGP tcp session from any other 
host. 

Regards, 

Eduardo Ascenço Reis.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[79198] in North American Network Operators' Group

Re: MD5 for TCP/BGP Sessions

daemon@ATHENA.MIT.EDU (Eduardo Ascenco Reis)Thu Mar 31 17:47:05 2005

daemon@ATHENA.MIT.EDU (Eduardo Ascenco Reis)
Thu Mar 31 17:47:05 2005