At Wed, 30 Nov 2016 05:37:24 -0800, Randy Bush <[email protected]> wrote:
>
> >>> and stitching back together the tcp session... same effect.
> >>
> >> Not sure why you have to stitch back together the TCP session? I
> >> thought you were supposing the "attacker" was the edge node, it can
> >> just apply an export policy towards the core.
> >
> > say the case is inside your network, between the edge node in NYC and
> > the core nodes in BWI, something on the fiber path just removes/adds
> > information to the bgp stream.
>
> < pedantry >
>
> the point is the tcp 'stream' does not have to be hacked in any way.
> the hack is at a layer above.

sure. but in the case where you own both sides you'd assume that the
goes-inta == goes-outa on a single stream... ideally you also backstop
that with some protections (tcp-ao, of course!), but... really.

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
