Date: Sat, 27 Dec 2008 15:23:25 -0500
From: "Steven M. Bellovin" <email@example.com>
> The main reason I prefer ISIS is that it uses CLNS packets for
> communications and we don't route CLNS. (I don't think ANYONE is
> routing CLNS today.) That makes it pretty secure.
Unless, of course, someone one hop away -- a peer? a customer? an
upstream or downstream? someone on the same LAN at certain exchange
points? -- sends you a CLNP packet at link level...
You mean that someone is silly enough to enable CLNS on external
interfaces? I mean, it's not by default on either Cisco or Juniper. I
don't imagine any other routers do that, either. (Of course, SOMEONE is
always that silly. But I hope the folks reading this are not.)