RE: [j-nsp] BGP tcp/179 security on JunOS

From: Stephen Gill (gillsr@yahoo.com)
Date: Wed Sep 05 2001 - 00:18:07 EDT


Most excellent. Thanks for the input!

-- steve

-----Original Message-----
From: Lane Patterson [mailto:lpatterson@equinix.com]
Sent: Tuesday, September 04, 2001 4:24 PM
To: 'Stephen Gill'; juniper-nsp@puck.nether.net
Cc: 'robt@cymru.com'
Subject: RE: [j-nsp] BGP tcp/179 security on JunOS

> From: Stephen Gill [mailto:gillsr@yahoo.com]
> Sent: Tuesday, September 04, 2001 7:39 PM
> To: Lane Patterson; juniper-nsp@puck.nether.net
> Subject: RE: [j-nsp] BGP tcp/179 security on JunOS
>
>
> I'm not aware of this being a "feature" in Cisco IOS either unless it is
> a recent enhancement. Once "router bgp xxx" is entered, it should
> be listening on port 179/tcp. In fact, I believe an ACL for this is
> created in Rob's template:
> http://www.cymru.com/~robt/Docs/Articles/secure-bgp-template.html

Yes, and they are unnecessary, and have been as far back as I'm aware,
which is IOS 11.x-12.x, including a few that I just sanity tested so I
wouldn't look like an idiot sending out this mail :-) I haven't tested
any old 10.3 routers.

IOS does in fact behave as I've described, without extra effort, and I
doubt it would be too hard for any other leading favorite vendor to
incorporate this most logical behavior (Greg?) :-)

If anyone can prove this wrong, chime in; otherwise I'd like to see
Rob's fine documents continue to improve with time.

Cheers,
-Lane




This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT