Re: Protection against Man-in -d -middle attack

From: <Charles.Henson_at_regions.com>
Date: Thu, 25 Mar 2010 21:36:47 -0500

You will be penalized. If Scott Morris talks to you in your dreams because
you've played the old IPExpert audio too many times (ewwwww) then this
would be clear.

If the lab asked you to use the password "Cisco" with "hashing" or
something, you have failed. The key1 that you created with "Cisco" as the
password was not used. The default key was. So no points for that. Also, by
not using message-digest the key is not hashed so you failed the encryption
requirement as well.

Make sure you use the message-digest command to ensure encryption and also
make sure you use the correct key ID. Also remember the key ID is not
relative to the interface. In other words, just because it's the first key
applied to an interface doesn't mean it's key "1". It's going to have to
match the key ID in your global config. So if your global config was key 7,
then it needs to be key 7 on the interface.

back to my nap...... ahhhh... ospf..... Totally Stubby.... Dude.....

Charles Henson

From: olugbenga lasisi <logpoet_at_gmail.com>
To: Marko Milivojevic <markom_at_ipexpert.com>
Cc: Sadiq Yakasai <sadiqtanko_at_gmail.com>, Narbik Kocharians <narbikk_at_gmail.com>, Itechguru <wajid.ccie_at_gmail.com>, Thameem Maranveetil Parambath <security.goodie_at_gmail.com>, ccielab_at_groupstudy.com
Date: 03/25/2010 05:09 PM
Subject: Re: Protection against Man-in -d -middle attack

Here I come again.

So I was trying to configure MD5 authentication in OSPF. After issuing the
"ip ospf authentication message-digest" interface command I entered the
"ip ospf authentication-key" command and the authentication worked fine. But
after reading I realised the right command should have been "ip ospf
message-digest-key key #".

Out of curiosity I decided to figure out why the config worked in the first
place, so I realised from the show interface ospf output that it used
the default key (key 0).

My questions are:
1) In a lab scenario will I be penalised for not using the latter command
(ip ospf authentication message-digest-key)?
2) Using the default key (key 0), will the authentication key still be
encrypted?

On Thu, Mar 25, 2010 at 10:45 AM, olugbenga lasisi <logpoet_at_gmail.com> wrote:

> Now I smell that I am in trouble :-)....Okay let me see it in another light
> ....an opportunity for me to learn through the clash of two Titans....hmmm!!
> that seems like a fun way to learn..so I am game..
>
> I am currently studying OSPF and I do have few things I do hope to
> clarify... But I'll first lab them up and by COB I'll put forth questions on
> areas I need clarification...
>
> So guys, it is with great humility and in the interest of all CCIE
> wannabees that I present to the whole GS the premiere of this great movie
> "The CLASH OF THE TITANS RELOADED"..... Sit back relax and have fun
> learning... :-)
>
> On Thu, Mar 25, 2010 at 10:08 AM, Marko Milivojevic <markom_at_ipexpert.com> wrote:
>
>> On Wed, Mar 24, 2010 at 20:40, olugbenga lasisi <logpoet_at_gmail.com>
>> wrote:
>> > We have all been given accolades to the two giants. How about the guy(me)
>> > that started the fire? :-) .. but really, there is no way I can forget what
>> > I have learnt here... This is how a learning process should be.
>>
>> Dear friend,
>>
>> I have been challenged and humbled by your apparently simple question.
>> You provoked both Narbik and me to go out and prove our points with
>> one of us coming out as clear winner. In the process, we all learned.
>> For that, I thank you.
>>
>> For the fact you made me prove myself wrong... you are NEVER going to
>> be forgiven. Unless, of course, you can come up with a new question to
>> help me clear my name ;-)
>>
>> --
>> Marko Milivojevic - CCIE #18427
>> Senior Technical Instructor - IPexpert
>>
>> YES! We include 400 hours of REAL rack
>> time with our Blended Learning Solution!
>>
>> Mailto: markom_at_ipexpert.com
>> Telephone: +1.810.326.1444
>> Fax: +1.810.454.0130
>> Web: http://www.ipexpert.com/

Received on Thu Mar 25 2010 - 21:36:47 ART
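
An added example, not part of the original thread: a small Python audit that reads IOS-style interface configuration and flags the two situations discussed above, namely message-digest authentication enabled with no "ip ospf message-digest-key" configured (so the default key 0 is used), and an "ip ospf authentication-key" left on an interface that runs in message-digest mode. The sample configuration, interface names and function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf authentication-key Cisco
!
interface FastEthernet0/1
 ip address 10.0.1.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 7 md5 Cisco
!
interface Serial0/0
 ip address 10.0.2.1 255.255.255.252
 ip ospf authentication message-digest
!
"""

MD_KEY = re.compile(r"^ip ospf message-digest-key (\d+) md5 ")

def split_interfaces(config):
    """Return {interface name: [stripped sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_ospf_md5(config):
    """Return {interface: {"key_ids", "findings"}} for message-digest interfaces."""
    report = {}
    for name, cmds in split_interfaces(config).items():
        if "ip ospf authentication message-digest" not in cmds:
            continue
        key_ids = [int(m.group(1)) for c in cmds if (m := MD_KEY.match(c))]
        findings = []
        if not key_ids:
            findings.append("no message-digest-key: default key 0 in use")
        if any(c.startswith("ip ospf authentication-key ") for c in cmds):
            findings.append("authentication-key set but not used for message-digest")
        report[name] = {"key_ids": key_ids, "findings": findings}
    return report

if __name__ == "__main__":
    for intf, result in audit_ospf_md5(SAMPLE_CONFIG).items():
        print(intf, result)
```

The reported key IDs can then be compared between neighbours, since both ends of a link have to use the same key ID and key.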
