17 Sep 2001, 2:46 p.m.
On Mon, 17 Sep 2001 14:32:35 EDT, "Patrick W. Gilmore" <patrick@ianai.net> said:
If someone can splice into my point-to-point OC system, fake being the router on the other end, and keep my peer from calling me and asking what
You *do* do ingress and egress filtering of your own addresses, and have checked that your router does in fact use cryptographically challenging sequence numbers, right? And even if you don't, using MD5 is not *that* expensive (or shouldn't be), and provides security in depth. Unfortunately, I'll bet there's a LOT of routers that don't have filtering in place, don't have good sequence numbers, and don't use MD5. Enough said...

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
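An added illustration, not part of the original post: assuming the "MD5" above means the TCP MD5 signature option of RFC 2385 as used on BGP sessions, this Python example computes the per-segment digest and shows the receiver rejecting a segment whose sender has the right addresses and sequence number but not the shared key. The addresses, ports, key and sequence numbers are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, fixed_header, payload, key):
    """RFC 2385 digest: pseudo-header, fixed TCP header with checksum zeroed, data, key."""
    if len(fixed_header) != 20:
        raise ValueError("pass the 20-byte fixed TCP header; options are excluded")
    header_len = (fixed_header[12] >> 4) * 4  # data offset, which counts options too
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, header_len + len(payload)))
    zeroed = fixed_header[:16] + b"\x00\x00" + fixed_header[18:]
    return hashlib.md5(pseudo + zeroed + payload + key).digest()

def segment_is_authentic(src_ip, dst_ip, fixed_header, payload, key, received_digest):
    """Receiver-side check: recompute with the shared key, compare in constant time."""
    expected = tcp_md5_digest(src_ip, dst_ip, fixed_header, payload, key)
    return hmac.compare_digest(expected, received_digest)

# Constructed sample data (documentation addresses, made-up key and sequence numbers).
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"
SHARED_KEY = b"constructed-example-key"
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)  # marker, length 19, type 4

def make_header(seq, ack, checksum=0):
    # Source port 179 (BGP), data offset 10 words (20 fixed + 20 option bytes), PSH|ACK.
    return struct.pack("!HHIIBBHHH", 179, 50000, seq, ack, 10 << 4, 0x18, 16384, checksum, 0)

def demo():
    hdr = make_header(seq=1000, ack=2000)
    good = tcp_md5_digest(PEER_A, PEER_B, hdr, BGP_KEEPALIVE, SHARED_KEY)
    # Same addresses, ports and sequence number, but the sender does not hold the
    # shared key, so the digest it attaches cannot match the receiver's recomputation.
    forged = tcp_md5_digest(PEER_A, PEER_B, hdr, BGP_KEEPALIVE, b"guess")
    return {
        "legitimate": segment_is_authentic(PEER_A, PEER_B, hdr, BGP_KEEPALIVE, SHARED_KEY, good),
        "forged": segment_is_authentic(PEER_A, PEER_B, hdr, BGP_KEEPALIVE, SHARED_KEY, forged),
    }

if __name__ == "__main__":
    print(demo())
```

The digest covers the sequence number and payload, so a correct sequence-number guess alone is not enough to get a segment accepted; the address filtering mentioned in the post remains a separate layer.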