Paul Ferguson <pferguso @
cisco .
com> wrote:
> >From the 'For What Its Worth Department' -
>
> I would venture to say that this is less an issue of the related
> operating system of the device and more an issue of route acceptance
> policy and the underlying methods of doing so. :-)
>
> Blindly accepting dynamic routing information from upstream sources
> can be a dangerous thing.
Agreed. However, routing protocols are only a single instance of traffic that
requires authentication. That's why everyone should Run Not Walk to their
router/workstation vendor and ask about their plans for RFC 1826 (The IP
Authentication Header).
Note that there will be some people who want to run Virtual Private Networks
across an internet, and want to hide routing information (as opposed to
simply authenticating it). These folks will want to ask their vendor about
RFC 1827 (IP Encapsulating Security Payload). Note that encapsulating routing
information should be done with care, lest you introduce routing loops and
hopelessly wedge your net. ;-)
--
- Ted
--------------------------------------------------------------------------
Ted Doty, Network Systems Corporation | phone: +1 301 596-2270
8965 Guilford Road, Suite 250 | fax: +1 410 381-3320
Columbia, MD, 21046 USA | voice mail: (800) 233-1485
--------------------------------------------------------------------------
The opinion expressed in this message is fictitious. Any resemblence to
real opinions, living or dead, is purely coincidental.
|
|
