[j-nsp] stealth bgp vulnerability?

Richmond, Jeff (ELI) jeff_richmond at eli.net
Thu Apr 15 09:56:59 EDT 2004


We are seeing the same requests come in from peers all about the same time
here in the US. We only peer using Juniper routers, and we use the
apply-path feature on a "peer" prefix list to accept BGP connections from
those peers, then discard from anyone else. However, without knowing the
extent of the vulnerability, it is hard to predict if we are still
susceptible. Then again, since most peers are wanting to move to MD5, it
probably is going to be a moot point here shortly anyway...

-Jeff

-----Original Message-----
From: Damon Pegg [mailto:damon.pegg at uk.easynet.net]
Sent: Wednesday, April 14, 2004 8:06 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] stealth bgp vulnerability?


Something sneaky maybe occuring?  Following a couple of prominent UK IX
members suddenly demanding the use of MD5 on EBGP sessions Juniper TAC
confirmed a related BGP security vulnerability but wouldnt give us any info
beyond asking that we comply with any requests from upstreams and/or peers
to use MD5.  A little cloak and dagger methinks.  Can anyone shed more
light?

Damon.


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list