Re: TCP/BGP vulnerability - easier than you think

North American Network Operators Group

Re: TCP/BGP vulnerability - easier than you think

From: Iljitsch van Beijnum
Date: Wed Apr 21 07:06:31 2004

On 21-apr-04, at 12:44, Adam Rothschild wrote:

All things considered, I think MD5 authentication will lower the bar
for attackers, not raise it.  I'm sure code optimizations could fix
things to some degree, but that's just not the case today.

Which begs the question, what is one to do,

How about:

access-list 123 deny tcp any any eq bgp rst log-input
access-list 123 deny tcp any eq bgp any rst log-input

Unfortunately, not all vendors are able to look at the RST bit when filtering...

Follow-Ups:
- Re: TCP/BGP vulnerability - easier than you think Daniel Roesen

References:
- Re: Massive stupidity (Was: Re: TCP vulnerability) Patrick W.Gilmore
- TCP/BGP vulnerability - easier than you think David Luyer
- Re: TCP/BGP vulnerability - easier than you think Adam Rothschild

Prev by Date: Re: TCP/BGP vulnerability - easier than you think
Next by Date: Re: TCP/BGP vulnerability - easier than you think
Date Index
Thread Index
Author Index
Historical