[28855] in North American Network Operators' Group
RE: IGPs and services?
daemon@ATHENA.MIT.EDU (Roeland Meyer (E-mail))
Fri May 19 13:39:18 2000
Reply-To: <rmeyer@mhsc.com>
From: "Roeland Meyer (E-mail)" <rmeyer@mhsc.com>
To: "'Bryan C. Andregg'" <bandregg@redhat.com>, <jlewis@lewis.org>
Cc: <ww@shadowfax.styx.org>, "'nicholas harteau'" <nrh@ikami.com>,
<nanog@merit.edu>
Date: Fri, 19 May 2000 10:36:38 -0700
Message-ID: <000401bfc1b8$c9dc6270$eaaf6cc7@PEREGRIN>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20000518101455.G919@redhat.com>
Errors-To: owner-nanog-outgoing@merit.edu
> From: Bryan C. Andregg [mailto:bandregg@redhat.com]
> Sent: Thursday, May 18, 2000 8:15 AM
>
> On Wed, May 17, 2000 at 10:14:58PM -0400, jlewis@lewis.org
mailed:
> > Running a routing protocol on a unix box doesn't mean
> you're using it as a
> > router. Perhaps he just wants OSPF on a few servers so
> they can send
> > their packets more efficiently. Consider a case where you
> have a few
> > access servers and unix servers on the same switch and a
> router connecting
> > that POP to your backbone. Having a routing protocol on
> those unix boxes
> > means they can send packets directly to the appropriate
> access server (or
> > the router) rather than everything to the router, just to
> have it spit the
> > packets back out headed for an access server on that segment.
>
> Pardon my ignorance here, but wont ICMP redirects take care
> of this situation
> already?
ICMP redirects create a potential security vulnerability, for
man-in-the-middle attacks. MHSC.NET doesn't allow them. Not host,
at MHSC.NET, will respond to them (in theory <g>).
