[nsp] bgp vulnerability?
Jared Mauch
jared at puck.nether.net
Tue Apr 20 17:07:37 EDT 2004
On Tue, Apr 20, 2004 at 11:00:30PM +0200, Gert Doering wrote:
> Hi,
>
> On Tue, Apr 20, 2004 at 04:55:57PM -0400, Dmitry Volkov wrote:
> > Well I was not asking about operational workarounds - like MD5 And RFC 2827,
> > etc but rather about vendor's fixes like Checkpoint, IIJ, I'm sure cisco
> > will come up soon...
>
> A *real* vendor fix would be to completely decouple the control plane
> from the forwarding plane.
You can run your iBGP in a vrf already, I assume you've
at least taken this level of securing your devices based on your
above statement :)
- jared
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the cisco-nsp
mailing list