bgpd - tcp md5 signatures they're ok. no more, no less. better than nothing, and almost everybody supports it. opposed to the FUD beeing spread: it is not a new attack vector. of course, sequence numbers et al are checked earlier, and then, md5 is damn cheap anyway even on that tiny CPUs found in these green routers tcp md5sig is extremly easy to configure, works with green and blue boxes, almost no overhead: USE IT!