Security Basics mailing list archives
Re: Routing protocols, Internet vs Enterprises
From: gjgowey () tmo blackberry net
Date: Wed, 26 Sep 2007 23:09:57 +0000
I used to be able to go one better. I had a fluke optiview just sitting on the network attached to a gig port with all the snmp community strings for the switches and routers in it. If someone did something stupid I could trace down to what port of what switch they were sitting on and just shut it off. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: Jim Mellander <jmellander () lbl gov> Date: Wed, 26 Sep 2007 15:38:26 To:gjgowey () tmo blackberry net Cc:Petter Bruland <pbruland () fcglv com>, listbounce () securityfocus com, "itsec.info" <itsec.info () gmail com>, security-basics () securityfocus com Subject: Re: Routing protocols, Internet vs Enterprises gjgowey () tmo blackberry net wrote:
With companies one of the first questions that I think some people forget to ask is if a routing protocol is really necessary for the network topology that they have. Routing protocols are only really useful for when you have multiple paths out of your particular subnet. If you only have one path out then using any routing protocol is needless. That may seem like common sense, but I used to work for one large employer who, because the network admins weren't too bright about routing, used ospf on every router they had to link all their buildings. Even though each router only had a single T1 connecting it directly to the core router at the noc and that router had a direct 10/100 link to the upstream providers router. I'd tell more, but I think some people here would think I was bullshitting. Geoff
Even in a situation as you describe, using a routing protocol is not entirely without benefit. For instance, suppose a miscreant host is spewing spam to the internal network, and the internet. We could log into the router closest to the host and put a host-level null route in place, thus confining the hosts miscreant activity to its broadcast domain. If a routing protocol (OSPF, even RIP) is in place, the routing update can be made to a central router, which will then propagate it - which would likely make such activities easier to script, and manage. -- Jim Mellander Incident Response Manager Computer Protection Program Lawrence Berkeley National Laboratory (510) 486-7204 The reason you are having computer problems is: Did you pay the new Support Fee?
Current thread:
- Routing protocols, Internet vs Enterprises itsec.info (Sep 26)
- RE: Routing protocols, Internet vs Enterprises Bill Higgins (Sep 26)
- RE: Routing protocols, Internet vs Enterprises Petter Bruland (Sep 26)
- Re: Routing protocols, Internet vs Enterprises gjgowey (Sep 26)
- Re: Routing protocols, Internet vs Enterprises Jim Mellander (Sep 27)
- Re: Routing protocols, Internet vs Enterprises gjgowey (Sep 27)
- RE: Routing protocols, Internet vs Enterprises Petter Bruland (Sep 27)
- RE: Routing protocols, Internet vs Enterprises Bhardwaj, Akash (Sep 27)
- RE: Routing protocols, Internet vs Enterprises TVB NOC (Sep 27)
- Re: Routing protocols, Internet vs Enterprises gjgowey (Sep 26)
- Message not available
- Re: Routing protocols, Internet vs Enterprises itsec . info (Sep 27)
- RE: Routing protocols, Internet vs Enterprises TVB NOC (Sep 27)
- RE: Routing protocols, Internet vs Enterprises David Gillett (Sep 27)
- R: Routing protocols, Internet vs Enterprises Vega - Brunello Ivan (Sep 27)
- Re: R: Routing protocols, Internet vs Enterprises gjgowey (Sep 27)
- <Possible follow-ups>
- Re: Re: Routing protocols, Internet vs Enterprises cstubbs (Sep 28)