[j-nsp] decrypting BGP session keys on JUNOS

Joe Abley jabley at isc.org
Wed Apr 28 12:24:42 EDT 2004


Hi,

I'm extending some audit scripts which compare deployed reality in ISC 
routers with records in a peering database to check MD5 auth keys 
applied to BGP sessions.

RFC 2385 secrets in cisco configs are obfuscated against casual 
inspection, but are otherwise easy to decrypt. This is good from the 
point of view of scraping the secrets from the routers as part of this 
audit process.

However, it's not clear to me whether the corresponding 
authentication-key stanzas in JUNOS M-series configurations can be 
de-obfuscated as easily.

Does anybody happen to know how to extract plain text passwords for 
individual BGP sessions from a running Juniper M-series router?


Joe



More information about the juniper-nsp mailing list