Re: Security hole in RIP-2

Jeffrey C Honig <jch@nr-tech.cit.cornell.edu> Thu, 04 February 1993 21:27 UTC

Message-Id: <9302042112.AA27309@mitchell.cit.cornell.edu>
To: ietf-rip@xylogics.com
Subject: Re: Security hole in RIP-2
In-Reply-To: Message from Gary Scott Malkin <gmalkin@xylogics.com> on Thu, 04 Feb 1993 10:26:12 -0500.<14005.199302041526@atlas.xylogics.com>
Organization: Information Technologies/Network Resources; Cornell University, Ithaca, NY
X-Mailier: MH-E [version 3.7+] MH [version 6.8]
Date: Thu, 04 Feb 1993 16:12:20 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Jeffrey C Honig <jch@nr-tech.cit.cornell.edu>

> There are two solutions.  Ideally, the router has to be smart enough to
> answer a RIP-1 query with a RIP-1 response, which may not be easy for
> some implementations.  Otherwise, the documentation must clearly state
> that authentication is only secure when the routers are configured to
> accept only RIP-2 packets, so that the RIP-1 query would be discarded.

I'd be in favor of stating that a RIP-1 query should be answered with
a RIP-1 response or not at all.

Jeff
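
The two behaviours discussed in this thread (answer a RIP-1 query in RIP-1 format, or discard it when the router accepts only RIP-2), as an added example that is not part of the original message or of any router's code. The function names, the `rip2_only` flag and the sample data are assumptions; the packet layout assumed is RIP-2 with simple password authentication.

```python
import hmac
import struct

RIP_REQUEST, RIP_RESPONSE = 1, 2
AF_INET, AF_AUTH, AUTH_SIMPLE = 2, 0xFFFF, 2   # 0xFFFF marks a RIP-2 authentication entry
ZERO4 = b"\0" * 4

def build_response(version, routes, password=None):
    """routes: list of (address, mask, metric); address and mask are 4-byte strings."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, version, 0)
    if version == 2 and password is not None:
        # RIP-2 simple password entry: family 0xFFFF, type 2, 16-byte password.
        pkt += struct.pack("!HH16s", AF_AUTH, AUTH_SIMPLE, password)
    for addr, mask, metric in routes:
        # In a RIP-1 entry the fields RIP-2 uses for mask and next hop stay zero.
        pkt += struct.pack("!HH4s4s4sI", AF_INET, 0, addr,
                           mask if version == 2 else ZERO4, ZERO4, metric)
    return pkt

def query_is_authenticated(query, password):
    """True if the first entry of a RIP-2 query carries the configured password."""
    if len(query) < 24:
        return False
    family, auth_type, supplied = struct.unpack("!HH16s", query[4:24])
    return (family == AF_AUTH and auth_type == AUTH_SIMPLE
            and hmac.compare_digest(supplied, password.ljust(16, b"\0")))

def answer_query(query, routes, password, rip2_only):
    """Return the response bytes, or None when the query is discarded."""
    if len(query) < 4:
        return None
    command, version, _ = struct.unpack("!BBH", query[:4])
    if command != RIP_REQUEST:
        return None
    if version == 1:
        # Either discard (RIP-2-only configuration) or answer in RIP-1 format,
        # which has no authentication entry.
        return None if rip2_only else build_response(1, routes)
    if version == 2 and query_is_authenticated(query, password):
        return build_response(2, routes, password)
    return None

# Constructed sample data: one route, a made-up password, a RIP-1 whole-table query.
ROUTES = [(bytes([10, 0, 0, 0]), bytes([255, 0, 0, 0]), 1)]
PASSWORD = b"constructed-pw"
RIP1_QUERY = (struct.pack("!BBH", RIP_REQUEST, 1, 0)
              + struct.pack("!HH4s4s4sI", 0, 0, ZERO4, ZERO4, ZERO4, 16))
```
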