Alexander Bochmann wrote:
>
> Hi,
>
> ...on Mon, Apr 19, 2004 at 02:06:19PM +0200, Andre Oppermann wrote:
>
> > Sorry, but this must be total bullshit and FUD.
>
> Well, word is that it's an attack on any kind of
> TCP connection, and that BGP is just one of the
> core infrastructure protocols that are affected.

If TCP is 'broken' then pretty much everything that uses it is broken...

> We'll know in two days, probably not too much use
> in further speculation until then...

Going into an MD5 frenzy is speculation, isn't it?

> > traffic to kill a 12000. Before you waste your time on MD5-ing all your
> > peering sessions do a search for infrastructure ACLs on www.cisco.com.
> > If you have done all that it makes sense to look at MD5 again.
>
> Well, MD5 on BGP links can be implemented with
> minimal coordination in a relatively short time.

Only that it doesn't help anything.

> Sure, MD5 computation is CPU bound, but we have SNMP,
> ssh, dynamic routing protocols, and loads of other
> CPU intensive stuff on these boxen, so an additional
> attack vector on that (known) level probably doesn't
> hurt that much...

If you can take out your router's CPU with 3Mbit/s of some traffic MD5 becomes rather pointless...

-- 
Andre
----------------------------------------------
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
