North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
RE: route authentication
- From: batz
- Date: Tue Jun 04 10:49:54 2002
On Tue, 4 Jun 2002, Joshua Wright wrote:
:I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5
:auth for BGP, but have been unsuccessful so far. The most difficult
:challenge I face there is convincing people of the "need" with the lack of a
:published exploit that the MD5 authentication would prevent.
Have you asked them how they _know_ there isn't an exploit?
Tim Newshams TCP ISN randomness vulnerabilites published last year
(fixed by cisco, but others are unknown) should be evidence that
there is a working chunk of code for exploiting TCP sessions.
:So much for best practices. <sigh>
"Best practices" seldom amounts to more than a euphemism
for "Lowest common denominator". ;)
--
batz
|
