%tcp-6-badauth: No MD5 digest from SRC.IP.NET.HOST(portnumber) to DST.IP.NET.HOST(portnumber) Donald.Smith@qwest.com GCIA http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC kill -13 111.2

-----Original Message----- From: james [mailto:hackerwacker@cybermesa.com] Sent: Tuesday, May 04, 2004 4:41 PM To: Smith, Donald Cc: nanog@merit.edu Subject: Re: BGP Exploit

What would a Cisco log if the IP's for the BGP sessions were attacked & MD5 was in place ? "No MD5 digest from <IP>", " Invalid MD5 digest from <IP>" or something else ? So far, grepping through my logs all I see for "MD5" are the the times I set MD5 for my BGP sessions.

-- James H. Edwards Routing and Security At the Santa Fe Office: Internet at Cyber Mesa jamesh@cybermesa.com noc@cybermesa.com (505) 795-7101