"HANSEN CHAN" wrote:
I understand that MD5 is quite commonly used in IGPs such as OSPF but not in BGP4. Am I correct? Can someone explain to me why? Shouldn't one be more concerned about the session being hijacked when talking to another network?
I believe this is because BGP will not establish a session unless the other end is directly connected, hence the reason for ebgp-multihop. So unless somebody drops a physical line into your router and configures it, you shouldn't have a problem.
The norm for E-BGP is that the packets to the neighbor are created with a TTL of 1, making the packets die if they are not addressed to a neighbor one hop away. However, some folks run multihop BGP for various reasons. When they do, they may not be so careful setting the hop count. However, regardless of how a well-behaved router acts, a misbehaving node can violate these rules and set the hop count to anything that suits their twisted purposes. Most routers won't check to see that a packet they are forwarding is sourced from their own IP address, and thus won't detect that a misbehaving node multiple hops away is trying to attack its BGP neighbor's BGP TCP session. A full hijack of the session, however, would be less likely because the return packets are unlikely to reach the misbehaving node. So a misbehaving host could potentially cause a session reset and a route flap, but not persist in a hijacked BGP session, feeding and consuming routing updates. When a general-purpose node (i.e. a Unix node) is between two EBGP speakers running multihop BGP, such an attack is possible. It is also quite possible in a situation where BGP speakers are on a shared medium.

Walt Prue
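The thread asks about MD5 protection for the BGP TCP session; the mechanism in question is the TCP MD5 Signature Option of RFC 2385, which covers the IP pseudo-header, the fixed TCP header, the payload and a shared key, so a segment whose source address is spoofed or whose contents are altered fails verification at the receiver. The following is an added example, not code from anyone in the thread: the addresses, key and 19-byte BGP KEEPALIVE payload are constructed, and a real stack does this in the kernel rather than in user space.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

TCP_PROTO = 6
MD5_OPT_KIND, MD5_OPT_LEN = 19, 18   # RFC 2385 option: kind, length, 16-byte digest

def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """RFC 2385 digest over: pseudo-header (src, dst, zero, proto, TCP length),
    the 20-byte fixed TCP header with checksum zeroed (options excluded),
    the payload, and finally the shared key."""
    data_off = (segment[12] >> 4) * 4
    pseudo = (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, TCP_PROTO, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[data_off:] + key).digest()

def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload, key):
    """Build a TCP segment whose option block is NOP, NOP, MD5 option (20 bytes)."""
    data_off = 20 + 20
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        ((data_off // 4) << 12) | flags, window, 0, 0)
    # Options are excluded from the digest, so a zero block of the right length suffices.
    digest = tcp_md5_digest(src_ip, dst_ip, fixed + bytes(20) + payload, key)
    option = b"\x01\x01" + bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + digest
    return fixed + option + payload

def verify_segment(src_ip, dst_ip, segment, key):
    """Walk the TCP options, find the MD5 option and compare digests in constant
    time. Returns False when the option is absent, so unsigned segments fail too."""
    data_off = (segment[12] >> 4) * 4
    opts, i = segment[20:data_off], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # end of option list
            return False
        if kind == 1:                       # NOP
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return False                    # malformed option, reject
        length = opts[i + 1]
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
            return hmac.compare_digest(bytes(opts[i + 2:i + length]), expected)
        i += length
    return False
```

Because the source address is part of the digest, a segment injected from elsewhere with a spoofed source fails the check regardless of the TTL it carries, which is the gap in the TTL-of-1 reasoning above.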