North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
MD5 for TCP/BGP Sessions
- From: Doug Legge
- Date: Wed Mar 30 10:52:44 2005
I'm currently writing a paper for submission, as part of a MSc in Data
Communications, and would appreciate if anyone could update me as to the
implementation of MD5 for TCP authentication in BGP.
Following the alerts last year:
What has been the general effect in the ISP/Enterprise community following
- Have people applied MD5?
- If not what other technologies were implemented (IPSec AH transport mode
for BGP sessions/ACL/rate limiting etc)?
- Has there been any performance impacts seen since implementation?
- Has the support of the BGP environment been increased because of this
implementation (What policies regards changing the MD5 keys were
- Was this seen as a valid fix or a knee-jerk reaction (Having re-read the
exchanges on NANOG regards the actual mathematical probability of generating
this attack, what did the ISP community actually do (compared to what the
academic/vendor community were suggesting)?
Whilst I've had some response from bgp-info and bgp-security, it's not
really been sufficient to draw any real conclusions. From your knowledge and
experience are you aware, either internally or with customers the take up of
MD5 implementations and had anyone actually suffered an attack prior to
Please do not supply confidential information or anything that would be
commercially sensitive, if you want to contact me off-line or from a private
account please do