Security Basics mailing list archives

RE: Routing protocols, Internet vs Enterprises


From: "Petter Bruland" <pbruland () fcglv com>
Date: Wed, 26 Sep 2007 16:26:35 -0700

It's funny how someone asks for something simple, like a list of routing
protocols and we end up with tons of good information about where the
different protocols should be used.

That is one thing I really appreciate about this list, so thanks for
lots of good postings.

** Maybe I can sneak a question in here, and see if it gets noticed or
maybe even answered ;-)
In a Windows 2003 Active Directory "network", is there a way to turn on
audit to the point where you would be able to find out what end device
locked out an account? I've dug around and I'm not able to get any
useful information out of the security audit log/event viewer...

Thanks again.

-Petter

-----Original Message-----
From: gjgowey () tmo blackberry net [mailto:gjgowey () tmo blackberry net] 
Sent: Wednesday, September 26, 2007 4:10 PM
To: Jim Mellander
Cc: Petter Bruland; listbounce () securityfocus com; itsec.info;
security-basics () securityfocus com
Subject: Re: Routing protocols, Internet vs Enterprises

I used to be able to go one better.  I had a Fluke OptiView just sitting
on the network attached to a gig port with all the SNMP community
strings for the switches and routers in it.  If someone did something
stupid I could trace down to what port of what switch they were sitting
on and just shut it off.

Geoff
 
Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Jim Mellander <jmellander () lbl gov>
Date: Wed, 26 Sep 2007 15:38:26
To: gjgowey () tmo blackberry net
Cc: Petter Bruland <pbruland () fcglv com>, listbounce () securityfocus com,
"itsec.info" <itsec.info () gmail com>, security-basics () securityfocus com
Subject: Re: Routing protocols, Internet vs Enterprises


gjgowey () tmo blackberry net wrote:
> With companies one of the first questions that I think some people
> forget to ask is if a routing protocol is really necessary for the
> network topology that they have.  Routing protocols are only really
> useful for when you have multiple paths out of your particular subnet.
> If you only have one path out then using any routing protocol is
> needless.
>
> That may seem like common sense, but I used to work for one large
> employer who, because the network admins weren't too bright about
> routing, used OSPF on every router they had to link all their buildings.
> Even though each router only had a single T1 connecting it directly to
> the core router at the NOC and that router had a direct 10/100 link to
> the upstream provider's router.  I'd tell more, but I think some people
> here would think I was bullshitting.
>
> Geoff


Even in a situation as you describe, using a routing protocol is not
entirely without benefit.  For instance, suppose a miscreant host is
spewing spam to the internal network, and the internet.  We could log
into the router closest to the host and put a host-level null route in
place, thus confining the host's miscreant activity to its broadcast
domain.  If a routing protocol (OSPF, even RIP) is in place, the routing
update can be made to a central router, which will then propagate it -
which would likely make such activities easier to script, and manage.


--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204

The reason you are having computer problems is:

Did you pay the new Support Fee?
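
The scripted host-level null route that Jim Mellander's message describes, as an added example that is not part of the original thread: it builds the commands to push to the central router and refuses anything that is not a single internal, unprotected host. The IOS-style syntax, the route tag 666, the address ranges and the function names are assumptions; the thread names no vendor, and the central router is assumed to already redistribute tagged static routes into OSPF or RIP.

```python
import ipaddress

# Assumptions (not from the thread): IOS-style syntax, route tag 666, and a
# central router that already redistributes tagged static routes into OSPF/RIP.
BLACKHOLE_TAG = 666
# Constructed sample data: addresses that must never be null-routed
# (router interfaces, a DNS server).
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/29", "10.0.53.10/32")]
# Constructed sample data: internal ranges this script is allowed to act on.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]


def null_route_commands(host, remove=False):
    """Return the config lines that add (or remove) a /32 null route for host.

    Raises ValueError for anything that is not a single internal, unprotected
    IPv4 host, so a typo cannot blackhole a subnet or a piece of infrastructure.
    """
    try:
        addr = ipaddress.IPv4Address(host.strip())
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not a single IPv4 host address: {host!r}") from exc
    if not any(addr in net for net in INTERNAL):
        raise ValueError(f"{addr} is outside the internal ranges")
    if any(addr in net for net in PROTECTED):
        raise ValueError(f"{addr} is protected infrastructure")
    route = f"ip route {addr} 255.255.255.255 Null0 tag {BLACKHOLE_TAG}"
    return ["configure terminal", ("no " + route) if remove else route, "end"]


def plan(hosts):
    """Split a list of reported hosts into command batches and rejections."""
    commands, rejected = [], {}
    for host in dict.fromkeys(hosts):  # de-duplicate, keep order
        try:
            commands.append(null_route_commands(host))
        except ValueError as exc:
            rejected[host] = str(exc)
    return commands, rejected


if __name__ == "__main__":
    # Constructed input: one offender (reported twice), a router, a subnet typo.
    batches, refused = plan(["10.4.7.23", "10.0.0.1", "10.4.7.0/24", "10.4.7.23"])
    for batch in batches:
        print("\n".join(batch))
    for host, why in refused.items():
        print(f"refused {host}: {why}")
```

Calling `null_route_commands(host, remove=True)` produces the matching withdrawal once the host has been cleaned up.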

