TCP MD5 Signature Option
The TCP MD5 Signature Option, defined in RFC 2385 [8], is used to help BGP protect itself from spoofed TCP segments and, particularly, TCP resets. The TCP MD5 Signature Option employs MD5's message digest algorithm, defined in RFC 1321[9]. More details regarding the usefulness of the TCP MD5 Signature Option can be found in the specification.
The extension provides a mechanism for TCP to carry a digest message in each TCP segment, where the digest utilizes information known only to the connection end points and acts as a signature for the segment.
Applying the MD5 algorithm to the following items, in the order listed, produces the digest created for a given segment:
-
TCP pseudo-header, in this order: source IP address, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access