[c-nsp] Possible security issue with CDP
Brandon Price
brandon at sterling.net
Fri Jun 27 13:13:36 EDT 2008
I am sure this is a stupid question but I have to ask..
Is there any compelling reason to run CDP in a service provider
environment?
Ever since I discovered that CDP existed I have been disabling it.
It seems like its entire purpose is to annoy people with inaccurate
console messages about duplex and vlan mismatches.....
Brandon Price
Sterling Communications Inc.
/31 <--- The Subnet Formally Known as "Unusable"
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
> Sent: Friday, June 27, 2008 4:24 AM
> To: Hank Nussbacher
> Cc: cisco-nsp at puck.nether.net; Jared Mauch
> Subject: Re: [c-nsp] Possible security issue with CDP
>
> On Fri, Jun 27, 2008 at 06:42:27AM +0300, Hank Nussbacher wrote:
> > On Thu, 26 Jun 2008, Aaron wrote:
> >
> > No. It was disabled per specific interfaces. That interface had cdp
> > turned off but changing from ppp to hdlc overrode the specific cdp
> > command we had set on the interface.
>
> Which makes as much sense as enabling/disabling an access-list on
> the interface. It sounds like something is really not right over
> at Cisco. What other things will they do? Add some random other feature
> like turn on appletalk or decnet when you change the encapsulation?
> I doubt those random features even nvgen that they're enabled so you may
> not even have a clue. Not good.
>
> - jared
>
> --
> Jared Mauch | pgp key available via finger from jared at puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
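An added example, not part of the thread: a check that compares configuration snapshots taken before and after a change and reports interfaces whose per-interface CDP disable disappeared, as in the ppp-to-hdlc case described above. The sample configs are constructed; `no cdp enable` and `no cdp run` are the standard IOS commands, and a missing `encapsulation` line is assumed to mean the platform default.

```python
import re

def parse_interfaces(config):
    """Return {interface: {"cdp_off": bool, "encap": str}} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(
                header.group(1), {"cdp_off": False, "encap": "default"})
        elif current is not None and line.startswith(" "):
            stmt = line.strip()
            if stmt == "no cdp enable":
                current["cdp_off"] = True
            elif stmt.startswith("encapsulation "):
                current["encap"] = stmt.split(None, 1)[1]
        else:
            current = None  # "!" or any top-level line closes the stanza
    return interfaces

def cdp_globally_off(config):
    """True when CDP is disabled for the whole device with a top-level 'no cdp run'."""
    return any(l.strip() == "no cdp run"
               for l in config.splitlines() if not l.startswith(" "))

def cdp_regressions(before, after):
    """Interfaces that had CDP disabled before the change but not after it."""
    if cdp_globally_off(after):
        return []  # per-interface state is moot when CDP is off globally
    old, new = parse_interfaces(before), parse_interfaces(after)
    return [(name, old[name]["encap"], new[name]["encap"])
            for name in sorted(old)
            if old[name]["cdp_off"] and name in new and not new[name]["cdp_off"]]

# Constructed snapshots: Serial0/0 moves from ppp to the default encapsulation
# and its "no cdp enable" line is gone afterwards; the other interfaces are unchanged.
BEFORE = """
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 encapsulation ppp
 no cdp enable
!
interface Serial0/1
 encapsulation ppp
 no cdp enable
!
interface FastEthernet0/0
 no cdp enable
"""
AFTER = BEFORE.replace(
    "interface Serial0/0\n ip address 192.0.2.1 255.255.255.252\n"
    " encapsulation ppp\n no cdp enable\n",
    "interface Serial0/0\n ip address 192.0.2.1 255.255.255.252\n")

if __name__ == "__main__":
    for name, was, now in cdp_regressions(BEFORE, AFTER):
        print(f"{name}: CDP disable lost (encapsulation {was} -> {now})")
```

A snapshot diff only catches settings that appear in the saved configuration, so the live state is still worth confirming with `show cdp interface`.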