4.8.1 Ensure authentication is set to MD5


MSDP Peers should be authenticated.


When deployed MSDP it provides PIM-SM with information for routing Multicast traffic and is critical to operation of Multicast services on the network. If no authentication is used, an attacker may inject false information into the PIM-SM distribution tree, resulting in potential Denial of Service or Integrity compromise.

MSDP packets can be authenticated using a Keyed Hash-based Message Authentication Code (HMAC) generated by hashing elements of the of the update packet combined with a shared secret using MD5.

NOTE: MSDP does not appear to be configured on the target. This check is not applicable.


If you have deployed MSDP, authentication can be configured on a peer by peer basis, by issuing the following command from the [edit protocols msdp] hierarchy:

[edit protocols msdp]
user@host#set peer <peer address> authentication-key <key>

Default Value:

No MSDP is configured by default.

See Also


Item Details


References: 800-53|IA-5, 800-53|IA-5(1), CSCv7|16.4

Plugin: Juniper

Control ID: 657a34ca06c6dc85138a0f471691b26d5325b0805037792e39e07e794236437c