Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


MD5 for TCP/BGP Sessions

  • From: Doug Legge
  • Date: Wed Mar 30 10:52:44 2005

NANOG,

I'm currently writing a paper for submission, as part of an MSc in Data
Communications, and would appreciate it if anyone could update me as to the
implementation of MD5 for TCP authentication in BGP.

Following the alerts last year:
http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
http://www.cisco.com/en/US/products/products_security_advisory09186a00803be7d9.shtml
http://www.foundrynet.com/solutions/security/TCP_Vulnerability_v1_3.pdf
http://www.kb.cert.org/vuls/id/415294
http://isc.sans.org/diary.php?date=2004-04-20

What has been the general effect in the ISP/Enterprise community following
the warnings?
- Have people applied MD5?
- If not, what other technologies were implemented (IPSec AH transport mode
for BGP sessions/ACL/rate limiting etc)?
- Have there been any performance impacts seen since implementation?
- Has the support of the BGP environment been increased because of this
implementation (what policies regarding changing the MD5 keys were
implemented)?
- Was this seen as a valid fix or a knee-jerk reaction? (Having re-read the
exchanges on NANOG regarding the actual mathematical probability of generating
this attack, what did the ISP community actually do, compared to what the
academic/vendor community were suggesting?)

Whilst I've had some response from bgp-info and bgp-security, it's not
really been sufficient to draw any real conclusions. From your knowledge and
experience, are you aware, either internally or with customers, of the take-up of
MD5 implementations, and had anyone actually suffered an attack prior to
implementation?

--------------------------------
Please do not supply confidential information or anything that would be
commercially sensitive. If you want to contact me off-line or from a private
account, please do.


Yours

Doug Legge
MDC Student
Kingston University
London /UK




