On Tue, 20 Apr 2004, John Brown (CV) wrote:

> Seems Xspedius aka E.SPire aka ACSI doesn't feel that MD5 is
> important on their BGP sessions either.
>
> Based on the ticket we filed last week, Management does not
> feel it's warranted to make these changes.

I dunno...to me, this falls on the side of "wait until I see my BGP sessions reset randomly before I get concerned". So I see where they're coming from.

As far as I can tell, from the well-reasoned responses from Richard and Patrick, it just won't get exploited quickly enough to cause a route to get dampened. And since no privileged access is gained, the chances of somebody actually bothering to write an effective exploit are minimal. As others have pointed out, you may as well just flood the router and kick it over that way, and they already have tools for that.

I think MD5 violates the KISS principle for something as important as BGP. Not that it's difficult to implement on a small scale, just that it creates an additional knob for other people to break, and something else for the CPU to chew on (making it easier to take down, likely).

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---