TCP MD5 Signature Option

The TCP MD5 Signature Option, defined in RFC 2385 [8], is used to help BGP protect itself from spoofed TCP segments and, particularly, TCP resets. The option employs the MD5 message digest algorithm, defined in RFC 1321 [9]. More details regarding the usefulness of the TCP MD5 Signature Option can be found in the specification.

The extension provides a mechanism for TCP to carry a message digest in each TCP segment. The digest is computed over information known only to the connection endpoints and acts as a signature for the segment.

Applying the MD5 algorithm to the following items, in the order listed, produces the digest created for a given segment:

  1. TCP pseudo-header, in this order: source IP address, ...
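The digest computation, written out as an added Python example that is not code from the book. The item order (pseudo-header, fixed TCP header with a zero checksum and no options, segment data, then the shared key) is taken from RFC 2385; the addresses, ports, key and helper names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO, RST, ACK = 6, 0x04, 0x10

def tcp_header(sport, dport, seq, ack, flags, window=4096, data_offset=5):
    """Fixed 20-byte TCP header with checksum and urgent pointer set to zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset << 4, flags, window, 0, 0)

def md5_signature(src_ip, dst_ip, header, data, key):
    """RFC 2385 digest over pseudo-header, header sans options, data, key."""
    # Segment length = full TCP header (options included) plus data.
    seg_len = (header[12] >> 4) * 4 + len(data)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    fixed = header[:16] + b"\x00\x00" + header[18:20]  # checksum treated as 0
    return hashlib.md5(pseudo + fixed + data + key).digest()

def verify(src_ip, dst_ip, header, data, key, received):
    """Receiver side: recompute the digest and compare in constant time."""
    expected = md5_signature(src_ip, dst_ip, header, data, key)
    return hmac.compare_digest(expected, received)

def demo():
    key = b"constructed-shared-secret"        # constructed sample key
    src, dst = "192.0.2.1", "192.0.2.2"       # documentation addresses
    # data_offset=10: 20-byte header + 18-byte MD5 option + 2 bytes padding
    hdr = tcp_header(179, 54321, 1000, 2000, ACK, data_offset=10)
    data = b"\xff" * 16 + b"\x00\x13\x04"     # BGP KEEPALIVE message
    sig = md5_signature(src, dst, hdr, data, key)
    # A reset signed without knowledge of the shared key
    rst = tcp_header(179, 54321, 1019, 0, RST, data_offset=10)
    forged = md5_signature(src, dst, rst, b"", b"wrong-guess")
    return {
        "valid": verify(src, dst, hdr, data, key, sig),
        "spoofed_rst": verify(src, dst, rst, b"", key, forged),
        "tampered": verify(src, dst, hdr, data + b"\x00", key, sig),
    }

if __name__ == "__main__":
    print(demo())
```

A receiver that enforces the option drops the reset and the modified segment because neither digest matches the one it computes with its own copy of the key.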
