On 23/Oct/15 10:48, Saku Ytti wrote:
> I believe this is because you need 802.3 (as opposed to EthernetII)
> and rudimentary CLNS implementation, both which are very annoying from
> programmer point of view.

I'm not really sure what the hold-up is, but I know Mikael, together with the good folks at netDEF (Martin and Alistair) are working hard on fixing these issues.

While I have not had much time to provide them with feedback on their progress, it is high on my agenda - not to mention funding support for them will only help the cause.

> I hope ISIS would migrate to EthernetII and IP. From security point of
> view, people often state how it's better that it's not IP, but in
> reality, how many have verified the flip side of this proposal, how
> easy it is to protect yourself from ISIS attack from connected host?
> For some platforms the answer is, there is absolutely no way, and any
> connected host can bring you down with trivial amount of data.

Well, on the basis that an attack is made easier if you are running IS-IS on a vulnerable interface, in theory, an attack would be highly difficult if a vulnerable interface were not running IS-IS to begin with.

But I do not have any empirical data on any attempts to attack IS-IS, successfully or otherwise. So your guess is as good as mine.

Mark.