Security Basics mailing list archives

Re: Routing protocols, Internet vs Enterprises

From: gjgowey () tmo blackberry net
Date: Wed, 26 Sep 2007 23:09:57 +0000

I used to be able to go one better.  I had a fluke optiview just sitting on the network attached to a gig port with all 
the snmp community strings for the switches and routers in it.  If someone did something stupid I could trace down to 
what port of what switch they were sitting on and just shut it off.

Geoff
 
Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Jim Mellander <jmellander () lbl gov>

Date: Wed, 26 Sep 2007 15:38:26 
To:gjgowey () tmo blackberry net
Cc:Petter Bruland <pbruland () fcglv com>, listbounce () securityfocus com,       "itsec.info" <itsec.info () gmail 
com>, security-basics () securityfocus com
Subject: Re: Routing protocols, Internet vs Enterprises


gjgowey () tmo blackberry net wrote:

With companies one of the first questions that I think some people forget to ask is if a routing protocol is really 
necessary for the network topology that they have.  Routing protocols are only really useful for when you have 
multiple paths out of your particular subnet.  If you only have one path out then using any routing protocol is 
needless.

That may seem like common sense, but I used to work for one large employer who, because the network admins weren't 
too bright about routing, used ospf on every router they had to link all their buildings.  Even though each router 
only had a single T1 connecting it directly to the core router at the noc and that router had a direct 10/100 link to 
the upstream providers router.  I'd tell more, but I think some people here would think I was bullshitting.

Geoff


Even in a situation as you describe, using a routing protocol is not
entirely without benefit.  For instance, suppose a miscreant host is
spewing spam to the internal network, and the internet.  We could log
into the router closest to the host and put a host-level null route in
place, thus confining the hosts miscreant activity to its broadcast
domain.  If a routing protocol (OSPF, even RIP) is in place, the routing
update can be made to a central router, which will then propagate it -
which would likely make such activities easier to script, and manage.


--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204

The reason you are having computer problems is:

Did you pay the new Support Fee?

Current thread:

Routing protocols, Internet vs Enterprises itsec.info (Sep 26)
- RE: Routing protocols, Internet vs Enterprises Bill Higgins (Sep 26)
- RE: Routing protocols, Internet vs Enterprises Petter Bruland (Sep 26)
  - Re: Routing protocols, Internet vs Enterprises gjgowey (Sep 26)
    - Re: Routing protocols, Internet vs Enterprises Jim Mellander (Sep 27)
    - Re: Routing protocols, Internet vs Enterprises gjgowey (Sep 27)
    - RE: Routing protocols, Internet vs Enterprises Petter Bruland (Sep 27)
    - RE: Routing protocols, Internet vs Enterprises Bhardwaj, Akash (Sep 27)
    - RE: Routing protocols, Internet vs Enterprises TVB NOC (Sep 27)
    - Message not available
    - Re: Routing protocols, Internet vs Enterprises itsec . info (Sep 27)
- Re: Routing protocols, Internet vs Enterprises Deno Vichas (Sep 26)
  - RE: Routing protocols, Internet vs Enterprises TVB NOC (Sep 27)
  - RE: Routing protocols, Internet vs Enterprises David Gillett (Sep 27)
  - R: Routing protocols, Internet vs Enterprises Vega - Brunello Ivan (Sep 27)
    - Re: R: Routing protocols, Internet vs Enterprises gjgowey (Sep 27)
- <Possible follow-ups>
- Re: Re: Routing protocols, Internet vs Enterprises cstubbs (Sep 28)