• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 213
  • Last Modified:

Examples of implementing restrictive filters limiting access to BGP (TCP 179)

Can anyone give me some examples of implementing  restrictive filters or access-list limiting access to BGP (TCP 179) to only the necessary peers.

example configs:

router bgp 70000
network 206.25.32.0 mask 255.255.255.248
neighbor 200.4.3.98
0
ritru
Asked:
ritru
1 Solution
 
PennGwynCommented:
Like

access-list 101 permit tcp host 200.4.3.98 any eq 179
access-list 101 deny tcp any any eq 179
access-list 101 permit ip any any

interface Serial0/0
access-group 101 in

But that's cumbersome, and you may already be using an access-list on that interface.  And it won't protect you from somebody spoofing your neighbor's address as the source.

A simpler approach is to encrypt the link:

neighbor 200.4.3.98 password "oursharedsecret"

which will allow BGP packets only if they come from somebody who has the same secret configured on their neighbor statement pointing at you.

(This is the recommended fix for the issue that Cisco and others raised last week....)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now