That's what I love about the CCIE Lab...
Everyone says there are "only" 2 types of authentication in OSPF....
1. Plain text
2. MD5
If you listen to all your most knowledgeable friends on Groupstudy and a
couple of three (maybe more) CCIEs of some repute...
And then you find yourself in the "gladiator's chamber" one day... and a
third is suggested by some hint of a vague clue...
Unless you've heard of RFC2328 and then you find... there is a third... and
you find yourself astonished in about the same way everyone else was when we
found out that Luke Skywalker was not quite "The Last Hope" as mentioned by
Yoda... Yep... there are three...
OSPF as defined in [RFC2328] includes three different types of
authentication schemes: Null authentication, simple password and
cryptographic authentication. NULL authentication is akin to having
no authentication at all. In the simple password scheme of
authentication, the passwords are exchanged in the clear text on the
network and anyone with physical access to the network can learn the
password and compromise the security of the OSPF domain.
In the cryptographic authentication scheme, the OSPF routers on a
common network/subnet share a secret key which is used to generate a
keyed MD5 digest for each packet and a monotonically increasing
sequence number scheme is used to prevent replay attacks.
--
Darby Weaver
Network Engineer
http://www.darbyslogs.blogspot.com
darbyweaver_at_yahoo.com

Blogs and organic groups at http://www.ccie.net

Received on Fri May 20 2011 - 08:27:56 ART
This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART
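
The cryptographic scheme described in the message above, as an added example that is not part of the original post: a Python sketch of the keyed MD5 trailer and the receiver's sequence-number check, using the AuType 2 header layout from RFC 2328 Appendix D. The key, router ID, packet body and function names are constructed for illustration, and zero-padding a short key to 16 bytes is an assumption.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBHIIHHHBBI")  # 24-byte OSPFv2 header, AuType 2 layout
AUTYPE_CRYPTO = 2                    # 0 = null, 1 = simple password
DIGEST_LEN = 16                      # MD5 output size

def keyed_md5(packet: bytes, key: bytes) -> bytes:
    # Hash the packet followed by the shared secret (assumed zero-padded to 16 bytes).
    return hashlib.md5(packet + key.ljust(DIGEST_LEN, b"\0")).digest()

def sign(router_id, area_id, body, key, key_id, seq, ptype=1):
    """Build an OSPF packet with the keyed MD5 digest appended as a trailer."""
    # The checksum field stays 0 under cryptographic authentication; the
    # length field covers header + body but not the trailing digest.
    hdr = HDR.pack(2, ptype, HDR.size + len(body), router_id, area_id,
                   0, AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    return hdr + body + keyed_md5(hdr + body, key)

def verify(wire, keys, last_seq):
    """Return (accepted, reason, sequence number to remember for this neighbor)."""
    if len(wire) < HDR.size + DIGEST_LEN:
        return False, "truncated", last_seq
    (_, _, length, _, _, _, autype, _, key_id, auth_len, seq) = HDR.unpack_from(wire)
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN:
        return False, "wrong AuType", last_seq
    if key_id not in keys:
        return False, "unknown key id", last_seq
    if length < HDR.size or len(wire) != length + DIGEST_LEN:
        return False, "bad length", last_seq
    # Replay protection: a sequence number lower than the last one seen from
    # this neighbor is discarded (RFC 2328 D.5.3 rejects only "less than").
    if seq < last_seq:
        return False, "replayed sequence number", last_seq
    # Constant-time comparison of the recomputed digest with the trailer.
    if not hmac.compare_digest(keyed_md5(wire[:length], keys[key_id]), wire[length:]):
        return False, "digest mismatch", last_seq
    return True, "ok", seq

# Constructed sample values, not taken from any real network.
KEYS = {1: b"lab-secret"}
HELLO = sign(0x01010101, 0, b"constructed hello body", KEYS[1], key_id=1, seq=1000)
```

The sequence number sits inside the hashed header, so a captured packet cannot be replayed with a bumped sequence number without knowing the key.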