North American Network Operators Group
Re: MD5 for TCP/BGP Sessions
- From: Pekka Savola
- Date: Thu Mar 31 01:25:17 2005
On Thu, 31 Mar 2005, Stephen J. Wilcox wrote:
> without wishing to repeat what can be googled for.. putting acls on your edge to
> protect your ebgp sessions won't work for obvious reasons -- to spoof data and
> disrupt a session you have to spoof the srcip which of course the acl will allow
> in
This is why this helps for eBGP sessions only if the peer is also
protecting its borders. I.e., if you know the peer's network has
spoofing-prevention enabled, nobody is able to spoof the srcip the
peer uses.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings