Winstar says there is no TCP/BGP vulnerability

Kevin_Oberman · April 28, 2004, 5:38pm

Date: Wed, 28 Apr 2004 10:22:56 -0700
From: Rodney Joffe <rjoffe@centergate.com>
Sender: owner-nanog@merit.edu

Joe Rhett wrote:
>
> You do know how to spell assumption, right?
>
> They might have some very good reasons why they believe it isn't an issue,
> or that they have worked around. Why don't you ask, rather than spell?

We did. They repeated their answer: We don't do MD5 currently.

I recently discovered that one router vendor out there does not support
MD5 authentication of BGP (even though it does for several other routing
protocols). If you happen to be stuck with this product, you don't do
MD5 authentication of BGP.

No, I don't know who's product this is and I'd say that anyone using one
for real work should replace it yesterday, but I also know the reality of
fork-lift upgrades and corporate purchasing rules.

So the customer is exercising his inalienable rights.

And this loss of $200k+ in revenue helps Winstar how?

Education?

Rodney_Joffe1 · April 28, 2004, 6:41pm

Kevin Oberman wrote:

> And this loss of $200k+ in revenue helps Winstar how?

Education?

That was my point. Apparently not. A week or more ago, they knew that
was the next stop. They ignored it. So they were not in need of
education. Hence my original question - in the *real* world, was there
another solution. In *this* specific situation where you were limited in
forcing peers to do anything upstream.

If there was an OT list, we should have been there already. So lets just
kill it here