21 Apr
2004
21 Apr
'04
7:19 a.m.
On Wed, Apr 21, 2004 at 01:00:07PM +0200, Iljitsch van Beijnum wrote:
All things considered, I think MD5 authentication will lower the bar for attackers, not raise it. I'm sure code optimizations could fix things to some degree, but that's just not the case today.
Which begs the question, what is one to do,
How about:
access-list 123 deny tcp any any eq bgp rst log-input access-list 123 deny tcp any eq bgp any rst log-input
Unfortunately, not all vendors are able to look at the RST bit when filtering...
The general ignorance to the fact that SYN works as well is astonishing. :-)