Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: MD5 for TCP/BGP Sessions

  • From: Stephen J. Wilcox
  • Date: Thu Mar 31 05:28:15 2005

On Thu, 31 Mar 2005, Pekka Savola wrote:

> On Thu, 31 Mar 2005, Stephen J. Wilcox wrote:
> > without wishing to repeat what can be googled for.. putting acls on your edge to
> > protect your ebgp sessions wont work for obvious reasons -- to spoof data and
> > disrupt a session you have to spoof the srcip which of course the acl will allow
> > in
> 
> This is why this helps for eBGP sessions only the peer is also protecting its
> borders. I.e., if you know the peer's network has spoofing-prevention enabled,
> nobody is able to spoof the srcip the peer uses.

trusting a third party to protect your network is imho not best practice, in 
addition many networks may have considerable customers inside them making 
attacking from inside trivial

Steve





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.