4 Replies Latest reply on Nov 7, 2013 9:16 AM by noor

    Remediate BGP TCP Sequence Number Approximation Vulnerability

    cburgamy New Member


      Need some help here on how to resolve this issue?

       

      Remediate BGP TCP Sequence Number Approximation Vulnerability

        • Re: Remediate BGP TCP Sequence Number Approximation Vulnerability
          jayh Hall_of_Fame

          Could you be more specific as to where this message is originating?

           

          Reading between the lines, I would suspect that a third-party security audit has thrown this as a potential problem.  What it refers to is the ability of an attacker to guess the TCP sequence numbers used by BGP and potentially hijack a BGP session. While non-zero, the likelihood of an actual attack by this vector is very small.

           

          If your BGP session is internal such as MPLS or iBGP, this is of lesser concern than BGP over the Internet.

           

          Using MD5 passwords on BGP, particularly over the Internet, is a good practice which will mitigate this.

           

          Please give more information. If indeed it's a real concern it will likely have to be fixed by Adtran engineering as this will be buried deep in the BGP algorithm of the software.