[42667] in North American Network Operators' Group

Re: What Worked - What Didn't

daemon@ATHENA.MIT.EDU (John Kristoff)
Tue Sep 18 18:18:56 2001

Message-ID: <3BA7C801.94A128DC@depaul.edu>
Date: Tue, 18 Sep 2001 17:17:37 -0500
From: John Kristoff <jtk@depaul.edu>
Reply-To: jtk@aharp.is-net.depaul.edu
MIME-Version: 1.0
To: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


Roeland Meyer wrote:
> Why, IGP shouldn't even be visible from outside the border, neh? Internal
> issues are, internal issues. If it leaks, plug the leak.

It may be possible for an attacker to send updates either from the
outside or perhaps more effectively from inside via a compromised host. 
In addition to authentication mechanisms, anti-spoofing/sanity filters
could also help.  Disabling the reception/advertisement of updates from
certain physical interfaces entirely that don't need them may also be
helpful.

John
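
Added example, not part of the original message: one way to check a router configuration for the exposure discussed above is to list interfaces that would accept OSPF updates with neither authentication nor passive mode. The IOS-style sample configuration, the key placeholder and the function name `audit_igp_exposure` are constructed for illustration, and the check assumes every addressed interface falls under an OSPF network statement.

```python
import re

# Constructed IOS-style configuration (sample input, not from the post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
interface GigabitEthernet0/1
 description user LAN, no routers expected
 ip address 10.1.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 10.2.0.1 255.255.255.0
!
router ospf 1
 passive-interface GigabitEthernet0/2
 network 10.0.0.0 0.255.255.255 area 0
"""

def audit_igp_exposure(config):
    """Return {interface: finding} for interfaces that speak OSPF unprotected."""
    # Assumption: every interface with an IP address is covered by OSPF.
    addressed, authed, passive, active = [], set(), set(), set()
    passive_default, current = False, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # left the interface block
        text = line.strip()
        if current and text.startswith("ip address "):
            addressed.append(current)
        elif current and re.match(r"ip ospf authentication( message-digest)?$", text):
            authed.add(current)
        elif text == "passive-interface default":
            passive_default = True
        elif text.startswith("no passive-interface "):
            active.add(text.split()[-1])
        elif text.startswith("passive-interface "):
            passive.add(text.split()[-1])
    findings = {}
    for name in addressed:
        is_passive = name in passive or (passive_default and name not in active)
        if not is_passive and name not in authed:
            findings[name] = "accepts OSPF updates without authentication"
    return findings
```

On the sample, only GigabitEthernet0/1 is reported: the uplink is authenticated and GigabitEthernet0/2 is passive.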
