North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What Worked - What Didn't

  • From: John Kristoff
  • Date: Tue Sep 18 18:21:46 2001

Roeland Meyer wrote:
> Why, IGP shouldn't even be visible from outside the border, neh? Internal
> issues are, internal issues. If it leaks, plug the leak.

It may be possible for for an attacker to send updates either from the
outside or perhaps more effectively from inside via a compromised host. 
In addition to authentication mechanisms, anti-spoofing/sanity filters
could also help.  Disabling the reception/advertisement of updates from
certain physical interfaces entirely that don't need them may also be