[nsp] MD5 causes biggern problem than it fixes?
Gert Doering
gert at greenie.muc.de
Wed Apr 21 15:23:50 EDT 2004
Hi,
On Wed, Apr 21, 2004 at 12:06:51PM -0700, Dan Hollis wrote:
> Or you could just put anti spoofing filters at your borders and kill this
> BGP vulnerability _and any future variants_ totally dead, permanently.
Please elaborate how an anti spoofing filter could look like that
will solve the problem in the following eBGP example:
interface serial 0
description point-to-point uplink provider
ip address 1.1.1.1 255.255.255.252
ip access-group anti-spoofing in
router bgp 10
neighbor 1.1.1.2 remote-as 20
neighbor 1.1.1.2 description this is my uplink
ip access-list extended anti-spoofing
< fill in the gap >
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list