Re: OSPF Authentication Methods - (3) [7:134182] from Darby Weaver on 2011-05-20 (Ccielab archives 05/2011)

From: Darby Weaver <darby.weaver_at_gmail.com>
Date: Fri, 20 May 2011 12:36:39 -0400

Perfect example Roy! Nice one.

Excellent and it speaks to one's options.

Thanks,

Darby

On Fri, May 20, 2011 at 12:30 PM, Roy Khan <roykhan123_at_hotmail.com> wrote:

> Hi
>
> Check the attached file it is OSPF Authentication Case study.
>
>
> > From: jb.poplawski_at_gmail.com
> > Date: Fri, 20 May 2011 08:35:00 -0500
>
> > Subject: Re: OSPF Authentication Methods - (3) [7:134182]
> > To: darby.weaver_at_gmail.com
> > CC: kaushalpec_at_gmail.com; cisco_at_groupstudy.com; ccielab_at_groupstudy.com
>
> >
> > They're offering lab vouchers?
> >
> > Sent from my iPhone
> >
> > On May 20, 2011, at 8:21 AM, Darby Weaver <darby.weaver_at_gmail.com>
> wrote:
> >
> > > Kewl - I've heard CCIE instructors state that since Null authentication
> is
> > > not either Plain text or MD5, then it was not a method.
> > >
> > > Um.. That can be a killer and cost points due inability to interpret
> > > especially when a candidate rules out the option as acceptable since a
> CCIE
> > > instructor told them otherwise.
> > >
> > > Ouch!
> > >
> > > Nothing like being taught to fail... quite successfully.
> > >
> > > FYI - If you get a chance can you visit linkedin, join the group, and
> click
> > > on the Like button to like my link please:
> > >
> > >
> > >
> http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=54123549&gid=3443017&commentID=39652172&trk=view_disc
> > >
> > > I'm trying to win a free exam voucher.
> > >
> > >
> > > Darby
> > >
> > > http://www.darbyslogs.blogspot.com
> > >
> > > On Fri, May 20, 2011 at 8:52 AM, manoj kaushal <kaushalpec_at_gmail.com>
> wrote:
> > >
> > >> I read about it in CCNP ROUTE book
> > >>
> > >> 1. NULL
> > >> 2. Plain text
> > >> 3. MD5
> > >>
> > >> On Fri, May 20, 2011 at 5:58 PM, Darby Weaver <darby.weaver_at_gmail.com
> >wrote:
> > >>
> > >>> That's what I love about the CCIE Lab...
> > >>>
> > >>> Everyone says there are "only" 2 types of authentication in OSPF....
> > >>>
> > >>> 1. Plain text
> > >>> 2. MD5
> > >>>
> > >>> If you listen to all your most knowledgeable friends on Groupstudy
> and a
> > >>> couple of three (maybe more CCIE's of some repute)...
> > >>>
> > >>> And then you find yourself in the "gladiator's chamber" one day...
> and a
> > >>> third is suggested by some hint of a vague clue...
> > >>>
> > >>> Unless you've heard of RFC2328 and then you find... there is a
> third...
> > >>> and
> > >>> you find yourself astonished in about the same way everyone else was
> when
> > >>> we
> > >>> found out that Luke Skywalker was not quite "The Last Hope" as
> mentioned
> > >>> by
> > >>> Yoda... Yep... there are three...
> > >>>
> > >>>
> > >>> OSPF as defined in
> > >>> [RFC2328]
> > >>> includes three different types of
> > >>> authentication schemes: Null authentication, simple password and
> > >>> cryptographic authentication. NULL authentication is akin to having
> > >>> no authentication at all. In the simple password scheme of
> > >>> authentication, the passwords are exchanged in the clear text on the
> > >>> network and anyone with physical access to the network can learn the
> > >>> password and compromise the security of the OSPF domain.
> > >>>
> > >>> In the cryptographic authentication scheme, the OSPF routers on a
> > >>> common network/subnet share a secret key which is used to generate a
> > >>> keyed MD5 digest for each packet and a monotonically increasing
> > >>> sequence number scheme is used to prevent replay attacks.
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Darby Weaver
> > >>> Network Engineer
> > >>> http://www.darbyslogs.blogspot.com
> > >>>
> > >>> darbyweaver_at_yahoo.com
> > >> --
> > >> Kaushal
> > >>
> > >>
> > >
> > >
> > > --
> > > Darby Weaver
> > > Network Engineer
> > > http://www.darbyslogs.blogspot.com
> > >
> > > darbyweaver_at_yahoo.com
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>

-- 
Darby Weaver
Network Engineer
http://www.darbyslogs.blogspot.com
darbyweaver_at_yahoo.com
Blogs and organic groups at http://www.ccie.net

Received on Fri May 20 2011 - 12:36:39 ART

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART