nanog mailing list archives

Re: What Worked - What Didn't

From: John Kristoff <jtk () depaul edu>
Date: Tue, 18 Sep 2001 17:17:37 -0500


Roeland Meyer wrote:

Why, IGP shouldn't even be visible from outside the border, neh? Internal
issues are, internal issues. If it leaks, plug the leak.


It may be possible for for an attacker to send updates either from the
outside or perhaps more effectively from inside via a compromised host. 
In addition to authentication mechanisms, anti-spoofing/sanity filters
could also help.  Disabling the reception/advertisement of updates from
certain physical interfaces entirely that don't need them may also be
helpful.

John

Current thread:

Re: What Worked - What Didn't, (continued)
- - - Re: What Worked - What Didn't Mike Lewinski (Sep 17)
    - Message not available
    - Re: What Worked - What Didn't Mike Lewinski (Sep 17)
    - RE: What Worked - What Didn't Randy Bush (Sep 17)
    - RE: What Worked - What Didn't Iljitsch van Beijnum (Sep 17)
    - RE: What Worked - What Didn't Randy Bush (Sep 17)
    - RE: What Worked - What Didn't Iljitsch van Beijnum (Sep 17)
- RE: What Worked - What Didn't Roeland Meyer (Sep 17)
- RE: What Worked - What Didn't Roeland Meyer (Sep 17)
  - Re: What Worked - What Didn't Jared Mauch (Sep 17)
  - Re: What Worked - What Didn't Jeff Aitken (Sep 17)
  - Re: What Worked - What Didn't John Kristoff (Sep 18)
- Re: What Worked - What Didn't Martin Cooper (Sep 17)
  - bgp md5 auth Randy Bush (Sep 17)
    - Re: bgp md5 auth John Kristoff (Sep 18)
    - Re: bgp md5 auth Randy Bush (Sep 18)