North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: MD5 for TCP/BGP Sessions
- From: Stephen J. Wilcox
- Date: Thu Mar 31 05:28:15 2005
On Thu, 31 Mar 2005, Pekka Savola wrote:
> On Thu, 31 Mar 2005, Stephen J. Wilcox wrote:
> > without wishing to repeat what can be googled for.. putting acls on your edge to
> > protect your ebgp sessions wont work for obvious reasons -- to spoof data and
> > disrupt a session you have to spoof the srcip which of course the acl will allow
> > in
>
> This is why this helps for eBGP sessions only the peer is also protecting its
> borders. I.e., if you know the peer's network has spoofing-prevention enabled,
> nobody is able to spoof the srcip the peer uses.
trusting a third party to protect your network is imho not best practice, in
addition many networks may have considerable customers inside them making
attacking from inside trivial
Steve
|
