RE: [j-nsp] BGP tcp/179 security on JunOS

From: Lane Patterson (lpatterson@equinix.com)
Date: Tue Sep 04 2001 - 17:23:56 EDT


> From: Stephen Gill [mailto:gillsr@yahoo.com]
> Sent: Tuesday, September 04, 2001 7:39 PM
> To: Lane Patterson; juniper-nsp@puck.nether.net
> Subject: RE: [j-nsp] BGP tcp/179 security on JunOS
>
>
> I'm not aware of this being a "feature" in Cisco IOS either unless it
> is a recent enhancement. Once "router bgp xxx" is entered, then it
> should be listening on port 179/tcp. In fact, I believe an ACL for
> this is created in Rob's template:
> http://www.cymru.com/~robt/Docs/Articles/secure-bgp-template.html

Yes, and they are unnecessary, and have been as far back as I'm aware,
which is IOS 11.x-12.x, including a few that I just sanity tested so I
wouldn't look like an idiot sending out this mail :-) I haven't tested
any old 10.3 routers.

IOS does in fact behave as I've described, without extra effort, and I
doubt it would be too hard for any other leading favorite vendor to
incorporate this most logical behavior (Greg?) :-)

If anyone can prove this wrong, chime in; otherwise I'd like to see
Rob's fine documents continue to improve with time.

Cheers,
-Lane


