anti spoofing filtering won't help you with your ebgp peer if the packet is spoofed to your peer's address and hits the peering interface. try adding GTSM with anti-spoofing. makes it far harder..
-J On Thu, Apr 22, 2004 at 12:14:55AM -0700, Alexei Roudnev wrote: > > If they make proper anty-spoofiing filtering, no need in MD5. > > > > > > Perhaps we are all making too much of this... > > > > It appears that Winstar feels that there is no need for MD5 > > authentication of peering sessions. One of our customers has just had > > the following response from Winstar following a request to implement MD5 > > on their OC3 connection to Winstar. My first suggestion is to locate > > another upstream provider (they have 3 already). > > > > However, perhaps someone from Winstar would care to help us all > > understand what the alternative solution is to securing the session via > > MD5? I would *love* an alternative to the 5 days of work we've just gone > > through. > > > > > -----Original Message----- > > > From: Justin Crawford - NMCW Engineer [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, April 20, 2004 11:13 AM > > > To: xxxxxx > > > Subject: Re: *****SPAM***** MD5 implimentation on BGP > > > > > > xxxxx, > > > > > > Winstar does not currently run MD5 authentication with our peers. > > > > > > Thanks > > > > > > Justin > > > > > > Thank you for your time and business > > > > > > Justin Crawford > > > Winstar NMCW > > > Ph: 206-xxx.xxxx > > > > Has anyone else run in to this with Winstar? > > > > -- > > Rodney Joffe > > CenterGate Research Group, LLC. > > http://www.centergate.com > > "Technology so advanced, even we don't understand it!"(SM) -- James Jun TowardEX Technologies, Inc. Technical Lead Network Design, Consulting, IT Outsourcing [EMAIL PROTECTED] Boston-based Colocation & Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
