Fri, 16 Apr 2004

Heh, looks like a lot of providers are BCC'ing entire internet exchange
participants and saying "we don't currently use authentication, we would like to define an MD5 key". But saying nothing more .. how cute.

[/news] permanent link

Cisco BGP Exploit?
Apparently everyone is scrambling to convert their BGP peers to md5 auth, and cisco is pushing out a fix to tier 1 providers "as we speak". Cisco is gagging customers not to speak a word about it, and it affects "more than cisco"

Md5 authentication? BGP config changes? Sounds like random hosts can pretend they are bgp peers and inject random routes or cause some sort of mayhem.

If i actually knew what it was, i'd talk about it, but I am discovering how high our company is on Cisco and our ISP's priority list.

[/news] permanent link