3549<->1273 seem to be generating a lot of BGP updates between each other, is
anyone else seeing this or noticed an adverse impact?
- Jared
Good Afternoon,
I am looking to get in touch with an AT&T wireless switch tech in the
NY/NJ region. If someone from AT&T could reach out to me offline it
would be great.
Thanks
Mark
Please contact me offline at b...@fiberinternetcenter.com
NOT looking for a verizon cell phone dealer - NOT looking for a verizon
business multi-phone plan sales person. Looking for the verizon mobility
department, someone that can generate a contract for this specific
service and has contacts w
so we started to wonder if, since we started protecting our bgp
sessions with md5 (in the 1990s), are there still folk trying to
attack?
we were unable to find bgp mib counters. there are igp interface
counters, but that was not our immediate interest. we did find
that md5 failures are logged.
On 08/14/2018 03:38 PM, Randy Bush wrote:
> so we started to wonder if, since we started protecting our bgp
> sessions with md5 (in the 1990s), are there still folk trying to
> attack?
n00b response here
I thought using ACLs or otherwise protecting the BGP endpoint was best
practice. Thus it's rea
On Tue, Aug 14, 2018 at 05:28:13PM -0600, Grant Taylor via NANOG wrote:
> On 08/14/2018 03:38 PM, Randy Bush wrote:
> > so we started to wonder if, since we started protecting our bgp
> > sessions with md5 (in the 1990s), are there still folk trying to
> > attack?
>
> n00b response here
>
> I tho
On 15 Aug 2018, at 6:28, Grant Taylor via NANOG wrote:
> Is there something that I've missed the boat on?
No - it's a belt-and-suspenders sort of thing, along with GTSM.
---
Roland Dobbins
On Tue, 14 Aug 2018 21:38:35 +
Randy Bush wrote:
> we would be interested in data from others.
My data is coarse, but with 'show system statistics tcp | match auth' I
see sometimes thousands of rcv packets dropped on BGP routers. I doubt
they are attacks, but simply badly configured or stal
> My data is coarse, but with 'show system statistics tcp | match auth'
> I see sometimes thousands of rcv packets dropped on BGP routers. I
> doubt they are attacks, but simply badly configured or stale peer
> sessions over the course of time the counters initialized from.
thanks john for the on
> On Aug 14, 2018, at 8:04 PM, Randy Bush wrote:
>
> follow-on question:
>
> anyone using the timed key-chain stuff?
I’ve looked at it, hear it works, but not been willing to take the hit for any
transition.
I talked about some of this and other challenges at SAAG WG at IETF 101.
Transpo
[ again, thanks for an answer to the question asked ]
>> anyone using the timed key-chain stuff?
>
> I’ve looked at it, hear it works, but not been willing to take the hit
> for any transition.
and i am not sure it meets my needs. i am not seeking privacy or pfs.
i want roll-if-compromise. (and
> On Aug 14, 2018, at 8:12 PM, Randy Bush wrote:
>
> [ again, thanks for an answer to the question asked ]
>
>>> anyone using the timed key-chain stuff?
>>
>> I’ve looked at it, hear it works, but not been willing to take the hit
>> for any transition.
>
> and i am not sure it meets my need
>> something such as, or close to, rfc 4808?
>
> It provides some capability, but for example if I have a large iBGP
> mesh and need to change methods of securing it and have automation
> involved, it can often be a one-shot change unless I can zone some
> routers to different versions of templati
On 8/14/18 2:38 PM, Randy Bush wrote:
> so we started to wonder if, since we started protecting our bgp
> sessions with md5 (in the 1990s), are there still folk trying to
> attack?
To recap for the purpose of my own edification and because hopefully
someone will relieve me of my assumptions.
Th
my memory is that seq num guessing and sending rst was the core problem
motivating tcp/md5 for bgp, and btsh came some years later. but no big
deal.
i think that, indeed, md5 keys are shared across many links *within* an
op's infrastructure. but, since integrity, and not privacy, is the
goal, th
On 15 Aug 2018, at 9:27, Randy Bush wrote:
> my theory is that, as the attacks were mitigated the attackers moved
> on to other things.
With regards to BGP, the MD5 thing was promulgated to counter what was a
largely theoretical threat. iACLs, and later GTSM and CoPP and LPTS and
so forth rea
On 8/14/18 7:27 PM, Randy Bush wrote:
>
> < rathole >
> i am not much worried about a mesh which floods unicast. can you even
> buy devices which support that any more? a while back, i had to really
> dig in the closet to find one at 100mbps so i could shark mid-stream.
I'm not actually worrie
17 matches