Date: Sat, 27 Dec 2008 15:23:25 -0500 From: "Steven M. Bellovin" <smb@cs.columbia.edu>
On Fri, 26 Dec 2008 20:37:41 -0800 "Kevin Oberman" <oberman@es.net> wrote:
The main reason I prefer ISIS is that it uses CLNS packets for communications and we don't route CLNS. (I don't think ANYONE is routing CLNS today.) That makes it pretty secure.
Unless, of course, someone one hop away -- a peer? a customer? an upstream or downstream? someone on the same LAN at certain exchange points? -- sends you a CLNP packet at link level...
You mean that someone is silly enough to enable CLNS on external interfaces? I mean, it's not by default on either Cisco or Juniper. I don't imagine any other routers do that, either. (Of course, SOMEONE is always that silly. But I hope the folks reading this are not.) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751