RE: OSPF Question...other devices in LAN cant intercept

From: Joe Astorino <jastorino_at_ipexpert.com>
Date: Tue, 30 Jun 2009 18:09:44 -0400

Nick,

Yes, thanks for pointing that out. You are right.

Regards,

Joe Astorino
CCIE #24347 (R&S)
Sr. Support Engineer  IPexpert, Inc.
URL: http://www.IPexpert.com

From: nickda_at_gmail.com [mailto:nickda_at_gmail.com] On Behalf Of Nicholas
Davitashvili
Sent: Tuesday, June 30, 2009 5:55 PM
To: Joe Astorino
Cc: Anthony Sequeira; Mohamed El Henawy; ccie groupstudy
Subject: Re: OSPF Question...other devices in LAN cant intercept
communicatio bet 2 neighbors

Joe,

I don't mean passwords. I mean the payload of the OSPF packet (routes, area IDs,
FA, etc.).
Thus if we intercept the OSPF packet, we'll manage to read the contents of
it, but we can't spoof the hash since we don't know the actual password.

Nick
GREENNET
Lat: 41°43'25.46"N
Long: 44°45'45.60"E

On Wed, Jul 1, 2009 at 1:52 AM, Joe Astorino <jastorino_at_ipexpert.com> wrote:

Nicholas,

Not as far as I know. MD5 will only send the hash across the network, not any
actual passwords.

Regards,

Joe Astorino
CCIE #24347 (R&S)
Sr. Support Engineer  IPexpert, Inc.
URL: http://www.IPexpert.com

From: nickda_at_gmail.com [mailto:nickda_at_gmail.com] On Behalf Of Nicholas
Davitashvili
Sent: Tuesday, June 30, 2009 5:49 PM
To: Joe Astorino
Cc: Anthony Sequeira; Mohamed El Henawy; ccie groupstudy

Subject: Re: OSPF Question...other devices in LAN cant intercept
communicatio bet 2 neighbors

Joe,

I was under the impression that MD5 authentication will not prevent us from
actually reading the payload, as it is authenticated but not encrypted.

Please correct me if I'm wrong.

Nick
GREENNET
Lat: 41°43'25.46"N
Long: 44°45'45.60"E

On Wed, Jul 1, 2009 at 1:40 AM, Mohamed El Henawy <m.henawy_at_link.net> wrote:

Thanks Anthony, Joe.

Perhaps I went too far with my thinking for this question (Technology labs
made me think of a lot of options). It was simpler than that, but the
point about asking the proctor is very good... hope they will be answering :)
And you are correct Joe... reading data and intercepting it are different, and I
don't think the proctor will spend any minutes thinking about the difference
between the 2 words.
Even though I've officially lost the points for this question, I'm still
comfortable... somehow in real life I would have put the pwd... still... I
know very well I study for the exam, not for real life.
Anyway... thanks a lot for your reply, so much appreciated really.

----- Original Message ----- From: "Anthony Sequeira" <asequeira_at_ine.com>
To: "Mohamed El Henawy" <m.henawy_at_link.net>
Cc: "ccie groupstudy" <ccielab_at_groupstudy.com>
Sent: Wednesday, July 01, 2009 12:29 AM
Subject: Re: OSPF Question...other devices in LAN cant intercept
communicatio bet 2 neighbors

Hi Mohamed!

Your solution is not strange at all. You are thinking OSPF security and
that is an excellent thing.

In the actual exam, you need to read very, very carefully to determine the
tool or strategy the proctors are looking/grading for. When in doubt, go to
them and explain your reasoning for choosing one tool over another and see
if they can provide some guidance. If we had wanted OSPF authentication in
the task, you would have noticed that we would have hinted at what
kind...null, clear text, MD5. Notice that we tend to hint, not come right
out and dictate it.

What is most important as you go through our training is that you continue
to practice task interpretation and master all of the options that exist for
solving a particular task. The actual lab will be sure to challenge your
problem solving skills...and sometimes requires quite a bit of creativity.

Congratulations on your journey - enjoy every minute!

Warmest Regards,

Anthony J. Sequeira, CCIE #15626
http://www.INE.com

On Jun 30, 2009, at 5:05 PM, Mohamed El Henawy wrote:

Hello Group,

Hope someone can guide me here.

I started doing my 1st IE Workbook2.

There is this question: OSPF between 2 routers in the same LAN. The question
asks to ensure that host devices running OSPF on the segment can't intercept
the OSPF communication between the 2 routers... I put authentication under the
interface and the answer was with the neighbor command... pretty simple.

My question is... wouldn't having a pwd make it so the traffic can't be
intercepted??...

I don't know why I think of such strange solutions... I'm not even that
expert.

Thanks.

Received on Tue Jun 30 2009 - 18:09:44 ART
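
The distinction drawn in the thread (OSPF MD5 authentication leaves the payload readable but makes the digest unforgeable without the key), shown as an added example that is not part of the original thread. The packet layout follows RFC 2328 Appendix D; the router ID, area, key and sequence number are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac
import ipaddress
import struct

# OSPFv2 header with the AuType 2 (cryptographic) authentication field
HDR = struct.Struct("!BBH4s4sHHHBBI")
# Hello body: mask, HelloInterval, options, priority, DeadInterval, DR, BDR
HELLO = struct.Struct("!4sHBBI4s4s")

def ip(addr):
    return ipaddress.IPv4Address(addr).packed

def digest(pkt, key):
    # MD5 over the packet followed by the shared key padded to 16 bytes
    return hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()

def build_hello(router_id, area_id, key, key_id=1, seq=1):
    body = HELLO.pack(ip("255.255.255.0"), 10, 0x02, 1, 40,
                      ip("0.0.0.0"), ip("0.0.0.0"))
    # Checksum is 0 with AuType 2; the appended digest is not counted in length
    hdr = HDR.pack(2, 1, HDR.size + len(body), ip(router_id), ip(area_id),
                   0, 2, 0, key_id, 16, seq)
    return hdr + body + digest(hdr + body, key)

def read_without_key(wire):
    """Fields any host on the segment can parse; no key is involved."""
    _, ptype, _, rid, area, _, autype, _, key_id, _, seq = HDR.unpack_from(wire)
    mask, hello_int, _, prio, dead, _, _ = HELLO.unpack_from(wire, HDR.size)
    return {"type": ptype, "autype": autype, "key_id": key_id, "seq": seq,
            "router_id": str(ipaddress.IPv4Address(rid)),
            "area_id": str(ipaddress.IPv4Address(area)),
            "mask": str(ipaddress.IPv4Address(mask)),
            "hello": hello_int, "dead": dead, "priority": prio}

def verify(wire, key):
    """Receiver-side check: recompute the digest over the stated length."""
    (length,) = struct.unpack_from("!H", wire, 2)
    return hmac.compare_digest(wire[length:], digest(wire[:length], key))

if __name__ == "__main__":
    wire = build_hello("10.0.0.1", "0.0.0.0", b"s3cret")  # constructed sample
    print(read_without_key(wire))              # contents visible in cleartext
    changed = wire[:4] + ip("10.0.0.99") + wire[8:]
    print(verify(wire, b"s3cret"), verify(changed, b"s3cret"))
```

Authentication here gives integrity and origin checking only; confidentiality of the routing data needs a separate mechanism.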
