[afnog] OSPF vulnerability in multiple Cisco products
Mark Tinka
mark.tinka at seacom.mu
Fri Aug 2 11:01:21 UTC 2013
On Friday, August 02, 2013 10:32:08 AM Phil Regnauld wrote:
> True - it was mentioned on a NOG discussion channel
how
> the OSPF spec doesn't require the Link State ID and the
> AR (advertising router) fileds to match when a router
> receives an LSA (trying to find the source of this
> statement), but some vendors actually do verify this.
OSPF is an open protocol, so switching vendors is not
practical.
Different vendors add their own mix of proprietary "things"
to open protocols all the time.
Just use authentication or use an IGP that doesn't run on
IP.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://afnog.org/pipermail/afnog/attachments/20130802/a80f239e/attachment.sig>
More information about the afnog
mailing list