Hi, ...on Mon, Apr 19, 2004 at 02:06:19PM +0200, Andre Oppermann wrote:
> Sorry, but this must be total bullshit and FUD.

Well, word is that it's an attack on any kind of TCP connection, and that BGP is just one of the core infrastructure protocols that are affected. We'll know in two days, probably not too much use in further speculation until then...

> traffic to kill a 12000. Before you waste your time on MD5-ing all your
> peering sessions do a search for infrastructure ACL's on www.cisco.com.
> If you have done all that it makes sense to look at MD5 again.

Well, MD5 on BGP links can be implemented with minimal coordination in a relatively short time. Sure, MD5 computation is CPU bound, but we have SNMP, ssh, dynamic routing protocols, and loads of other CPU intensive stuff on these boxen, so an additional attack vector on that (known) level probably doesn't hurt that much...

Alex.
--
AB54-RIPE
