From owner-freebsd-security  Wed Jul 17 01:40:35 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id BAA09688
          for security-outgoing; Wed, 17 Jul 1996 01:40:35 -0700 (PDT)
Received: from silver.sms.fi (root@silver.sms.fi [194.111.122.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA09653
          for <freebsd-security@freebsd.org>; Wed, 17 Jul 1996 01:40:20 -0700 (PDT)
Received: (from pete@localhost) by silver.sms.fi (8.7.5/8.6.9) id LAA03606; Wed, 17 Jul 1996 11:39:36 +0300 (EET DST)
Date: Wed, 17 Jul 1996 11:39:36 +0300 (EET DST)
Message-Id: <199607170839.LAA03606@silver.sms.fi>
From: Petri Helenius <pete@sms.fi>
To: Will Brown <ewb@zns.net>
Cc: freebsd-security@freebsd.org
Subject: routing security?
In-Reply-To: <199607041418.KAA00137@selway.i.com>
References: <199607041418.KAA00137@selway.i.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Will Brown writes:
 > Seems to me that routing protocols such as RIP, OSPF, BGP, etc. would
 > be juicy targets for attack, yet I have never heard of any such attacks
 > or vulnerability - as though they are somehow immune, or have been
 > overlooked, or I have me head in sand.
 >
BGP is hardest of these since it's connection oriented and spoofing
that is pretty close to impossible. Sending fake RIP entries is
trivial, OSPF (when run without authentication) is doable but not
easy. 

 > Yes I are hackere loking to you tell me how to cwack your systemes
 > in fun new way :)
 > 
If you are concerned with routing security, run your routing protocols
with authentication enabled. This specially stands true for your
IGP. (for which OSPF is a good choice)

Pete