SMB> Date: Wed, 21 Apr 2004 09:46:30 -0400
SMB> From: Steven M. Bellovin


SMB> >TTL 255 hack is even easier and has a lower CPU cost.
SMB>
SMB> Yes, but it doesn't help at all at LAN-based interconnects,
SMB> and it's not that much help for iBGP where sessions are
SMB> often multi-hop.

True.  I suppose I also should have mentioned proper edge spoof
filtering (for iBGP) and MAC whitelisting (exchanges) along with
RFC 3682.

As for eBGP multihop across untrusted nets, MD5 or IPSec is
pretty much the only sane choice.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.