I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5
auth for BGP, but have been unsuccessful so far. The most difficult
challenge I face there is convincing people of the "need" with the lack of a
published exploit that the MD5 authentication would prevent.
So much for best practices. <sigh>
-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright@jwu.edu
:I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5
:auth for BGP, but have been unsuccessful so far. The most difficult
:challenge I face there is convincing people of the "need" with the lack of a
:published exploit that the MD5 authentication would prevent.
Have you asked them how they _know_ there isn't an exploit?
Tim Newshams TCP ISN randomness vulnerabilites published last year
(fixed by cisco, but others are unknown) should be evidence that
there is a working chunk of code for exploiting TCP sessions.
:So much for best practices. <sigh>
"Best practices" seldom amounts to more than a euphemism
for "Lowest common denominator".
