bgpd - tcp md5 signatures RFC 2385 defines tcp md5 signatures An md5 hash of parts of the header and a shared secret is added to the tcp header and verified on the receiving side (unless you happen to run FreeBSD, they don't bother verifying the signatures) Attacker has to know the shared secret