I would agree.....we have to distinguish between authentication and
encryption.
MD5 is a one-way hashing algorithm used to protect the "integrity" of a
message or packet. MD5 isn't a cipher used to actually encrypt the stream of
bits in a packet into some unreadable form like 3DES, etc. OSPF appends the
message digest (using shared keys) to the OSPF packet - the entire packet is
not encrypted. The receiving router knows the same key and calculates the
same hash value to validate the packet - if it's a match it can trust the
received packet, if not, it is discarded. All we are doing is making sure
the pkt can be trusted vs. protecting it from interception by encryption
which is why moving to unicast would be the best option for this question...
Hth.....
Aundra (Andre) Browning
CCIE #21901 (R&S)
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Nicholas Davitashvili
Sent: Tuesday, June 30, 2009 5:55 PM
To: Joe Astorino
Cc: Anthony Sequeira; Mohamed El Henawy; ccie groupstudy
Subject: Re: OSPF Question...other devices in LAN cant intercept
communicatio bet 2 neighbors
Joe,
I don't mean passwords. I mean the payload of ospf packet (routes, area IDs,
FA, etc.).
Thus if we intercept the OSPF packet, we'll manage to read the contents of
it, but we can't spoof the hash since we don't know the actual password.
Nick
GREENNET
Lat: 41°43'25.46"N
Long: 44°45'45.60"E
On Wed, Jul 1, 2009 at 1:52 AM, Joe Astorino <jastorino_at_ipexpert.com> wrote:
> Nicholas,
>
>
>
> Not as far as I know. MD5 will only send hash across the network, not any
> actual passwords
>
>
>
> Regards,
>
> Joe Astorino
> CCIE #24347 (R&S)
> Sr. Support Engineer IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> *From:* nickda_at_gmail.com [mailto:nickda_at_gmail.com] *On Behalf Of *Nicholas
> Davitashvili
> *Sent:* Tuesday, June 30, 2009 5:49 PM
> *To:* Joe Astorino
> *Cc:* Anthony Sequeira; Mohamed El Henawy; ccie groupstudy
>
> *Subject:* Re: OSPF Question...other devices in LAN cant intercept
> communicatio bet 2 neighbors
>
>
>
> Joe,
>
> I was under impression that md5 authentication will not prevent us from
> actually reading the payload as it is authenticated, but not encrypted.
>
> Please correct me if I'm wrong.
>
> Nick
> GREENNET
> Lat: 41°43'25.46"N
> Long: 44°45'45.60"E
>
> On Wed, Jul 1, 2009 at 1:40 AM, Mohamed El Henawy <m.henawy_at_link.net>
> wrote:
>
> Thanks Anthony, Joe
>
> perhaps I went too far with my thinking for this question (Technology labs
> made me think of a lot of options) it was more simple than that but the
> point about asking the proctor is very good ..hope they will be answering :)
> and you are correct Joe..read data and intercept it are different and I
> don't think the proctor will spend any minutes thinking about the difference
> bet the 2 words
> even though I've officially lost the points for this question but still I'm
> comfortable...somehow in real life I would have put the pwd...still ..I
> know very well I study for the exam not for real life
> Anyway...Thanks a lot for your reply so much appreciated really
>
>
>
> ----- Original Message ----- From: "Anthony Sequeira" <asequeira_at_ine.com>
> To: "Mohamed El Henawy" <m.henawy_at_link.net>
> Cc: "ccie groupstudy" <ccielab_at_groupstudy.com>
> Sent: Wednesday, July 01, 2009 12:29 AM
> Subject: Re: OSPF Question...other devices in LAN cant intercept
> communicatio bet 2 neighbors
>
>
>
> Hi Mohamed!
>
> Your solution is not strange at all. You are thinking OSPF security and
> that is an excellent thing.
>
> In the actual exam, you need to read very, very carefully to determine the
> tool or strategy the proctors are looking/grading for. When in doubt, go to
> them and explain your reasoning for choosing one tool over another and see
> if they can provide some guidance. If we had wanted OSPF authentication in
> the task, you would have noticed that we would have hinted at what
> kind...null, clear text, MD5. Notice that we tend to hint, not come right
> out and dictate it.
>
> What is most important as you go through our training is that you continue
> to practice task interpretation and master all of the options that exist for
> solving a particular task. The actual lab will be sure to challenge your
> problem solving skills...and sometimes requires quite a bit of creativity.
>
> Congratulations on your journey - enjoy every minute!
>
> Warmest Regards,
>
> Anthony J. Sequeira, CCIE #15626
> http://www.INE.com
>
>
>
>
>
> On Jun 30, 2009, at 5:05 PM, Mohamed El Henawy wrote:
>
> Hello Group ,
>
> hope someone can guide me here
>
> I started doing my 1st IE Workbook2
>
> there is this question OSPF bet 2 routers in same LAN, question asking
> ensure that host devices running ospf on the segment can't intercept the
> ospf communication bet the 2 routers...i put authentication under the
> interface and the answer was with neighbor command..pretty simple
>
> my question is....wouldn't having pwd would make the traffic can't be
> intercepted ??...
>
> i don't know why I think of such strange solutions....i'm not even that
> expert
>
>
> Thanks .
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
Received on Tue Jun 30 2009 - 18:21:34 ART
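The distinction drawn in the top reply (the MD5 digest authenticates the OSPF packet but leaves it readable) can be shown with a short sketch. This is an added example, not code from the thread: it follows the keyed-MD5 construction of RFC 2328 Appendix D, and the function names, key and packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2   # AuType 2 = cryptographic authentication (RFC 2328, D.3)
DIGEST_LEN = 16     # MD5 output size in bytes


def pad_key(key: bytes) -> bytes:
    # The shared key is used as a 16-byte value, zero padded (assumed helper name)
    return key[:16].ljust(16, b"\x00")


def build_packet(router_id, area_id, body, key, key_id=1, seq=1):
    """Return an OSPFv2 packet (type 1, Hello) with the MD5 digest appended."""
    length = 24 + len(body)  # header + body; the trailing digest is not counted
    header = struct.pack("!BBH4s4sHHHBBI", 2, 1, length, router_id, area_id,
                         0,  # checksum field is unused with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # Digest covers packet || key; the key itself never goes on the wire
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify(wire: bytes, key: bytes) -> bool:
    """Receiver side: recompute the digest with the shared key and compare."""
    packet, digest = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
    expected = hashlib.md5(packet + pad_key(key)).digest()
    return hmac.compare_digest(expected, digest)


def read_without_key(wire: bytes) -> dict:
    """What any host on the segment can parse without knowing the key."""
    _ver, _ptype, length, rid, area = struct.unpack("!BBH4s4s", wire[:12])
    return {"router_id": ".".join(map(str, rid)),
            "area_id": ".".join(map(str, area)),
            "body": wire[24:length]}


if __name__ == "__main__":
    key = b"constructed-key"                      # constructed sample key
    wire = build_packet(bytes([10, 0, 0, 1]), bytes(4),
                        b"constructed-hello-body", key)
    print("valid with shared key :", verify(wire, key))
    print("valid with wrong key  :", verify(wire, b"guess"))
    print("readable without key  :", read_without_key(wire))
```

A packet altered in transit or built without the key fails `verify`, while `read_without_key` still recovers the router ID, area ID and body, which is why authentication alone does not keep other hosts on the segment from reading the exchange.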