[90955] in North American Network Operators' Group
RE: key change for TCP-MD5
daemon@ATHENA.MIT.EDU (Bora Akyol)
Wed Jun 21 20:40:58 2006
Date: Wed, 21 Jun 2006 17:25:16 -0700
From: "Bora Akyol" <bora@broadcom.com>
To: "Ross Callon" <rcallon@juniper.net>,
"Richard A Steenbergen" <ras@e-gerbil.net>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
>=20
> Another potential attack is an attempt to insert information=20
> into a BGP session, such as to introduce bogus routes, or to=20
> even become a "man in the middle" of a BGP session. One issue=20
> that worries me about this is that if this allows routing to=20
> be compromised, then I can figure out how to make money off=20
> of this (and if I can think of it, someone even nastier will=20
> probably also think of this). Of course this would be much=20
> more difficult to pull off, and might require viewing packets=20
> between routers to pull off, but if pulled off and not=20
> quickly detected could be unfortunate.
>=20
> Ross
This one is hard to pull off. I think the general conclusion
a couple years ago in the study that Sean Convery and Matt Franz
did was that it was less work to try to own the router or buy your
own AS ;)
Bora
