[c-nsp] Re: MD5 for TCP/BGP Sessions
Kim Onnel
karim.adel at gmail.com
Fri Apr 1 06:52:10 EST 2005
That is correct, but i guess we are usually trying to secure BGP
because if the other end gets hacked or because the other end is in
alot of cases being an ISP with alot of customers who also may try to
execute the attack against you.
On Mar 31, 2005 11:46 PM, Eduardo Ascenco Reis <eduardo at intron.com.br> wrote:
>
> Dear Fellows,
>
> a simple configuration that can help to improve security on BGP tcp sessions
> is to establish it using ip loopback address on both sides, even in
> situations with only one link between routers. By doing that the ip address
> used are hidden from traceroute tools discovery.
>
> Also the ip address used can be no routeable outside both routers, which
> will naturally block ip traffic against the BGP tcp session from any other
> host.
>
> Regards,
>
> Eduardo Ascenço Reis.
>
More information about the cisco-nsp
mailing list