Chuck,
Yes, I got the thread on this today and forwarded a copy to
some of my co-workers. I hope folks are making use of the various IOS
implementations to limit the damage done by a prospective attacker. Things
like CBAC, rate-limit could go a long way in simply providing the needed
time to identify a serious attack and implement more specific filtering
techniques to identify or completely block the attacker.
As it applies to the sniffing of BGP packets to gain route information, I
was wondering where do things stand now on the implementation of encrypted
authentication within BGP. If I'm not mistaken, isn't this suppose to
happen along with support for IPv6. This document references
authentication which sounds like the existing support for MD5 based
authentication.
http://search.ietf.org/internet-drafts/draft-ietf-idr-bgp4-16.txt (pg
9(a) )
Now this document does seem to address current issues with respects to the
flaws/vulnerabilities inherent to all TCP based protocols. The important
thing to note is this can be done without the presence of a MPLS aware
backbone based on the model identified by RFC2547bis (MPLS/VPN).
http://search.ietf.org/internet-drafts/draft-declercq-bgp-ipsec-vpn-01.txt
Thoughts anyone..
Nigel .
----- Original Message -----
From: "Chuck Larrieu"
To:
Sent: Thursday, December 20, 2001 10:14 PM
Subject: RE: Latest Hackers Target: Routers [7:29810]
> anyone see a thread about this on NANOG today? The archives are not up to
> date with today's topics.
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Eric Rogers
> Sent: Thursday, December 20, 2001 1:29 PM
> To: [EMAIL PROTECTED]
> Subject: OT: Latest Hackers Target: Routers [7:29810]
>
>
> Paste into your browser:
>
> dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29844&t=29844
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
