04 Oct 2023 Techi Blog
Encapsulating messages at the IP layer or at the data link layer each presents both advantages and disadvantages. One point of contrast is security. Because it runs over IP, OSPF can be—and has been—the target of spoofing and denial-of-service (DoS) attacks. Several tools are openly available for both snooping and attacking OSPF, such as IRPAS and Nemesis. Because of this vulnerability, both authentication and careful filtering are strongly recommended on OSPF networks with exposure to untrusted sources. IS-IS is not vulnerable to IP-based external attacks because it is not an IP protocol and runs over the data link layer. Attacking IS-IS requires direct access to a network link or router.
