North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
RE: IGPs and services?
- From: Roeland Meyer (E-mail)
- Date: Fri May 19 13:40:14 2000
> From: Bryan C. Andregg [mailto:bandregg@redhat.com]
> Sent: Thursday, May 18, 2000 8:15 AM
>
> On Wed, May 17, 2000 at 10:14:58PM -0400, jlewis@lewis.org
mailed:
> > Running a routing protocol on a unix box doesn't mean
> you're using it as a
> > router. Perhaps he just wants OSPF on a few servers so
> they can send
> > their packets more efficiently. Consider a case where you
> have a few
> > access servers and unix servers on the same switch and a
> router connecting
> > that POP to your backbone. Having a routing protocol on
> those unix boxes
> > means they can send packets directly to the appropriate
> access server (or
> > the router) rather than everything to the router, just to
> have it spit the
> > packets back out headed for an access server on that segment.
>
> Pardon my ignorance here, but wont ICMP redirects take care
> of this situation
> already?
ICMP redirects create a potential security vulnerability, for
man-in-the-middle attacks. MHSC.NET doesn't allow them. Not host,
at MHSC.NET, will respond to them (in theory <g>).
|
