BGP MD5 was never really well deployed until several years ago due to some vendors not properly checking ICMP messages. An easy workaround without upgrading code was to enable MD5 on all BGP sessions. Doing so may have opened up another attack vector to permit an attacker to transmit incorrect MD5 hashes to a victim. This presentation looks at the history of BGP with MD5 as well as testing results showing invalid-MD5 attacks across various routing platforms. In addition, alternative methods to protect BGP sessions will be examined as well, such as the GTSM/BTSH IP TTL checking. The presentation will address the more important question of why are spoofed packets talking to your route processors in the first place.
About the Presenter
Tom Scholl is a Senior Technical Consultant in the global IP core network design & routing group in AT&T Labs. He works on network design and routing architecture as well as the SBC network integration. Tom has spent his last several years at what was SBC and prior to that, Ameritech. When not working, Tom can be found on IRC discussing routing, networking hardware and the NINAF protocol.
Link to the presentation