From: Sean C (Upp_and_Upp@hotmail.com)
Date: Thu May 05 2005 - 19:53:46 GMT-3
I agree with Andrew on this one. Setting authentication won't stop a rogue
host from intercepting the packets, albeit the packets will be encrypted,
but they'll still be intercepted. Sending the packets to a unicast address
instead of a multicast and using passive ints, that will prevent the rogue
host from intercepting the packets.
HTH, Sean
----- Original Message -----
From: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>
To: "Shaikh, Nasir" <Nasir.Shaikh@atosorigin.com>; "ccie2be"
<ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Thursday, May 05, 2005 5:37 PM
Subject: RE: Preventing rogue hosts from intercepting rip packets
> Interesting...
>
> My inclination is towards passive default and neighbor commands. Either
> RIP 1 or 2 will cause a switch to forward frames out all ports (e.g.
> broadcast and multicast) not received. So, to prevent rogue hosts from
> intercepting rip packets in general I would opt to unicast my updates.
>
> I would think authentication would be a secondary concern.
>
> But, knowing this lab... Do both!
>
> -----Original Message-----
> From: Shaikh, Nasir [mailto:Nasir.Shaikh@atosorigin.com]
> Sent: Thursday, May 05, 2005 11:28 AM
> To: ccie2be; Group Study
> Subject: RE: Preventing rogue hosts from intercepting rip packets
>
>
> Tim,
> I believe the requirement is asking for authentication. So method 1 (I
> guess you mean passive interface) does not suffice. I would go for
> method 2
> and if the requirements of the task allow then combine method 1 and 2
>
> greetz
> Nash
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> ccie2be
> Sent: Thursday, May 5, 2005 16:00
> To: Group Study
> Subject: Preventing rogue hosts from intercepting rip packets
>
>
> Hi guys,
>
> To achieve the above requirement which method do you think is better?
> If you think one method is better than another, do you also think the
> less preferred method would be considered wrong in the lab?
>
> Method 1
>
> use default interface and neighbor combo or
>
> Method 2
>
> use authentication on the links involved or
>
> Method 3
>
> Use both Method 1 and Method 2
>
> TIA, Tim
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3
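
The combination discussed in this thread (Method 3: passive default plus neighbor, with authentication on the link), as an added Cisco IOS configuration example that is not part of the original messages. The router addresses, interface, key-chain name and key string are constructed placeholders; the second router would mirror this with `neighbor 10.1.12.1`.

```cisco
! Constructed example: R1 (10.1.12.1) and R2 (10.1.12.2) share a LAN segment
! on FastEthernet0/0. All names, addresses and the key are placeholders.
!
key chain RIP-KEYS
 key 1
  key-string EXAMPLE-ONLY-KEY
!
interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 ! Method 2: RIPv2 MD5 authentication. Each update carries a keyed digest
 ! so the receiver can reject updates from a host without the key.
 ! The route entries themselves still travel in clear text.
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
!
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 ! Method 1, part 1: suppress broadcast/multicast updates on all interfaces
 passive-interface default
 ! Method 1, part 2: send updates as unicast to the known neighbor only
 neighbor 10.1.12.2
```

`show ip protocols` lists the passive interfaces and the configured neighbor, and `debug ip rip` shows whether updates leave toward 10.1.12.2 rather than the RIPv2 multicast group 224.0.0.9.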