Re: OSPF Authentication Methods - (3) from GAURAV MADAN on 2011-05-20 (Ccielab archives 05/2011)

From: GAURAV MADAN <gauravmadan1177_at_gmail.com>
Date: Fri, 20 May 2011 17:14:12 +0400

"everyone" ........... not everyone Darby ..

if u somehow see Video on demand INE as well .... they also mention 3 type
of ospf auth ..

no auth
plain
md5

On Fri, May 20, 2011 at 4:27 PM, Darby Weaver <darby.weaver_at_gmail.com>wrote:

> That's what I love about the CCIE Lab...
>
> Everyone says there are "only" 2 types of authentication in OSPF....
>
> 1. Plain text
> 2. MD5
>
> If you listen to all your most knowledgeable friends on Groupstudy and a
> couple of three (maybe more CCIE's of some repute)...
>
> And then you find yourself in the "gladiator's chamber" one day... and a
> third is suggested by some hint of a vague clue...
>
> Unless you've heard of RFC2328 and then you find... there is a third... and
> you find yourself astonished in about the same way everyone else was when
> we
> found out that Luke Skywalker was not quite "The Last Hope" as mentioned by
> Yoda... Yep... there are three...
>
>
> OSPF as defined in
> [RFC2328<https://mail.google.com/mail/html/compose/static_files/rfc2328>]
> includes three different types of
> authentication schemes: Null authentication, simple password and
> cryptographic authentication. NULL authentication is akin to having
> no authentication at all. In the simple password scheme of
> authentication, the passwords are exchanged in the clear text on the
> network and anyone with physical access to the network can learn the
> password and compromise the security of the OSPF domain.
>
> In the cryptographic authentication scheme, the OSPF routers on a
> common network/subnet share a secret key which is used to generate a
> keyed MD5 digest for each packet and a monotonically increasing
> sequence number scheme is used to prevent replay attacks.
>
>
>
>
> --
> Darby Weaver
> Network Engineer
> http://www.darbyslogs.blogspot.com
>
> darbyweaver_at_yahoo.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri May 20 2011 - 17:14:12 ART

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART