> Date: Sat, 27 Dec 2008 15:23:25 -0500 > From: "Steven M. Bellovin" <s...@cs.columbia.edu> > > On Fri, 26 Dec 2008 20:37:41 -0800 > "Kevin Oberman" <ober...@es.net> wrote: > > > The main reason I prefer ISIS is that it uses CLNS packets for > > communications and we don't route CLNS. (I don't think ANYONE is > > routing CLNS today.) That makes it pretty secure. > > Unless, of course, someone one hop away -- a peer? a customer? an > upstream or downstream? someone on the same LAN at certain exchange > points? -- sends you a CLNP packet at link level...
You mean that someone is silly enough to enable CLNS on external interfaces? I mean, it's not by default on either Cisco or Juniper. I don't imagine any other routers do that, either. (Of course, SOMEONE is always that silly. But I hope the folks reading this are not.) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
pgpPe26dUNlK1.pgp
Description: PGP signature