[12408] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: protecting operational networks

daemon@ATHENA.MIT.EDU (Ran Atkinson)
Mon Sep 15 11:57:23 1997

From: rja@corp.home.net (Ran Atkinson)
Date: Mon, 15 Sep 1997 08:47:21 -0700
In-Reply-To: "Sean M. Doran" <smd@clock.org>
        "Re: not rewriting next-hop, pointing default, ..." (Sep 13, 16:44)
To: nanog@merit.edu

On Sep 13 16:44, Sean M. Doran wrote:

% Then, some protection for routing protocols to make them
% both more robust and more secure, and life is a bit nicer.

IMHO, any serious network operator using OSPF or BGP should
have already deployed the techniques below (as applicable):
	OSPF with Keyed MD5 Authentication
	BGP-4 with the Keyed MD5 Authentication extension
		as a TCP option.

WRT ISIS, lack of a CLNP infrastructure limits the ability of
outsiders to attack a network.  Nonetheless, ISIS should probably
also get some kind of cryptographic authentication extension.

Ran
rja@home.net


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[12408] in North American Network Operators' Group

Re: protecting operational networks

daemon@ATHENA.MIT.EDU (Ran Atkinson)Mon Sep 15 11:57:23 1997

daemon@ATHENA.MIT.EDU (Ran Atkinson)
Mon Sep 15 11:57:23 1997