[nsp] bgp vulnerability?

Jared Mauch jared at puck.nether.net
Tue Apr 20 17:07:37 EDT 2004


On Tue, Apr 20, 2004 at 11:00:30PM +0200, Gert Doering wrote:
> Hi,
> 
> On Tue, Apr 20, 2004 at 04:55:57PM -0400, Dmitry Volkov wrote:
> > Well I was not asking about operational workarounds - like MD5 And RFC 2827,
> > etc but rather about vendor's fixes like Checkpoint, IIJ, I'm sure cisco
> > will come up soon...
> 
> A *real* vendor fix would be to completely decouple the control plane
> from the forwarding plane.

	You can run your iBGP in a vrf already, I assume you've
at least taken this level of securing your devices based on your
above statement :)

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.


More information about the cisco-nsp mailing list