Nigel- If you dig back through the NANOG archives, there was a rather in depth and discouraging discussion of encrypting / authorizing BGP session neighbors. The general result was that almost nobody supported it, and many in the ISP groups that offer BGP connectivity didn't even know what it was.
While it might or might not be on the CCIE exams, having some form of authentication between routing partners is a good thing to practice in your test labs, and put into production in your networks. Andras -----Original Message----- From: Nigel Taylor [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 8:33 PM To: [EMAIL PROTECTED] Subject: Re: Latest Hackers Target: Routers [7:29844] Chuck, Yes, I got the thread on this today and forwarded a copy to some of my co-workers. I hope folks are making use of the various IOS implementations to limit the damage done by a prospective attacker. Things like CBAC, rate-limit could go a long way in simply providing the needed time to identify a serious attack and implement more specific filtering techniques to identify or completely block the attacker. As it applies to the sniffing of BGP packets to gain route information, I was wondering where do things stand now on the implementation of encrypted authentication within BGP. If I'm not mistaken, isn't this suppose to happen along with support for IPv6. This document references authentication which sounds like the existing support for MD5 based authentication. http://search.ietf.org/internet-drafts/draft-ietf-idr-bgp4-16.txt (pg 9(a) ) Now this document does seem to address current issues with respects to the flaws/vulnerabilities inherent to all TCP based protocols. The important thing to note is this can be done without the presence of a MPLS aware backbone based on the model identified by RFC2547bis (MPLS/VPN). http://search.ietf.org/internet-drafts/draft-declercq-bgp-ipsec-vpn-01.t xt Thoughts anyone.. Nigel . ----- Original Message ----- From: "Chuck Larrieu" To: Sent: Thursday, December 20, 2001 10:14 PM Subject: RE: Latest Hackers Target: Routers [7:29810] > anyone see a thread about this on NANOG today? The archives are not up to > date with today's topics. > > Chuck > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Eric Rogers > Sent: Thursday, December 20, 2001 1:29 PM > To: [EMAIL PROTECTED] > Subject: OT: Latest Hackers Target: Routers [7:29810] > > > Paste into your browser: > > dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29850&t=29844 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
