On Tue, Aug 14, 2018 at 05:28:13PM -0600, Grant Taylor via NANOG wrote:
> On 08/14/2018 03:38 PM, Randy Bush wrote:
> > so we started to wonder if, since we started protecting our bgp
> > sessions with md5 (in the 1990s), are there still folk trying to
> > attack?
>
> n00b response here
>
> I thought using ACLs or otherwise protecting the BGP endpoint was best
> practice. Thus it's really hard to even try to break an MD5 protected
> BGP session if you can't even establish the TCP connection.
>
> Everything that I've seen or set up had an ACL to only allow the
> peer(s) to be able to connect to (from memory) TCP port 179.
>
> Is there something that I've missed the boat on?
>
> #learningOpportunity

To further harden your setup, consider using GTSM
https://tools.ietf.org/html/rfc5082

Kind regards,

Job
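An added example, not part of the original thread: a small Python model of the two receive-side checks discussed above, the peer ACL on TCP port 179 and the GTSM (RFC 5082) minimum-TTL test. It shows why a packet that carries a peer's source address but has crossed routers still fails GTSM. The names `check`, `arrival_ttl` and `max_routers_between` are hypothetical, and the addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address

BGP_PORT = 179
GTSM_SEND_TTL = 255  # RFC 5082: GTSM speakers send with the maximum TTL


@dataclass(frozen=True)
class Packet:
    src: str        # source address in the IP header
    dst_port: int   # TCP destination port
    ttl: int        # TTL observed when the packet reaches the router


def arrival_ttl(initial_ttl, routers_crossed):
    """TTL left after each forwarding router decrements it by one (floor 0)."""
    return max(initial_ttl - routers_crossed, 0)


def check(pkt, peers, max_routers_between=0):
    """Return 'accept', 'drop-acl' or 'drop-gtsm' for traffic to the BGP listener.

    peers: configured neighbor addresses (the ACL described in the thread).
    max_routers_between: hypothetical knob of this model; 0 = directly connected.
    """
    if pkt.dst_port != BGP_PORT or ip_address(pkt.src) not in peers:
        return "drop-acl"
    if pkt.ttl < GTSM_SEND_TTL - max_routers_between:
        return "drop-gtsm"
    return "accept"


# Constructed sample traffic (documentation address ranges, not real peers).
PEERS = {ip_address("192.0.2.1")}
SAMPLES = {
    "real peer, directly connected": Packet("192.0.2.1", BGP_PORT, arrival_ttl(255, 0)),
    "non-peer source": Packet("198.51.100.7", BGP_PORT, arrival_ttl(255, 0)),
    "peer address, 6 routers away": Packet("192.0.2.1", BGP_PORT, arrival_ttl(255, 6)),
    "peer address, sent with TTL 64": Packet("192.0.2.1", BGP_PORT, arrival_ttl(64, 6)),
}


def run_samples():
    """Evaluate every constructed sample against the ACL and GTSM checks."""
    return {name: check(pkt, PEERS) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:10} {name}")
```

The last two samples pass the address ACL and are rejected only by the TTL test, which is the hardening GTSM adds on top of the ACL.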