What Worked - What Didn't

John Kristoff jtk at depaul.edu
Tue Sep 18 22:17:37 UTC 2001


Roeland Meyer wrote:
> Why, IGP shouldn't even be visible from outside the border, neh? Internal
> issues are, internal issues. If it leaks, plug the leak.

It may be possible for for an attacker to send updates either from the
outside or perhaps more effectively from inside via a compromised host. 
In addition to authentication mechanisms, anti-spoofing/sanity filters
could also help.  Disabling the reception/advertisement of updates from
certain physical interfaces entirely that don't need them may also be
helpful.

John



More information about the NANOG mailing list