>Can't find the link off hand, but recently I read something on the Cisco web
>site about L2 vulnerabilities - mac flooding or something.
>
>In any case, what it comes down to is that the possibility exists that
>someone of evil intent could sniff a network and discover something useful
>that could be used to cause problems later.
>
>Why have OSPF authentication on internal links? Why have CHAP authentication
>on dial up links? After all, who's out there tapping your telephones?

I understand your reasoning here but I have to slightly disagree with
it.  In a LAN I'd possibly agree with this, but if someone is sniffing
your WAN or MAN connections then you have way bigger problems than CDP! 
If someone at the telco has inserted a sniffer into the frame relay
network or onto a point-to-point link then they're already going to be
getting a lot more information than CDP provides, and turning CDP off
would be worthless.  They'll already see all of your routing updates as
well as all unencrypted traffic.  They'll also already know what the
endpoints of that circuit are so how would CDP help them?  It wouldn't.

On a LAN you run into the problem of physical access.  If someone can
physically access a hub or a switch they might be able to access your
network. In a case like that perhaps you'd want to turn off CDP, but I'd
suggest upgrading your physical security before turning off CDP.  If
there's the potential for a stranger to get into one of your wiring
closets and hook up with a laptop then again, you have much bigger
problems than just CDP.


>
>What do you want - convenience or security? Cuz maybe you can't have both.
>
>Kinda like at the airport. Maybe you feel safer because they're searching
>people like me, who really do look like criminals, but do you feel safer if
>they're searching 80 year old ladies and 5 year old children? Could either
>one of those types pose a security risk? Interesting tradeoff, isn't it.
>particularly given certain incidents in a particular country of late.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65312&t=65312
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
