Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?
Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?
Configuring a passive interface on R2 toward 172.16.20.0 ensures that OSPF advertisements for this network are still seen in the OSPF domain, but the router will not form OSPF neighbor relationships through that interface. This effectively prevents an attacker from advertising fake OSPF routes into the network via the 172.16.20.0 interface, thus enhancing security while still allowing the network to be advertised in OSPF.
The question itself is the definition of "passive interface"
We labbed this in EVE-NG and setting the interface facing 172.16.20.0/24 does indeed mean this network remains in OSPF but any relationship between a router on that subnet will fail to establish. C is correct.
C. Passive interface means R2 won't form neighbor relationships out that interface, and therefore can't learn routes via that subnet
Agree C, https://study-ccna.com/ospf-passive-interface/#:~:text=The%20%27passive%2Dinterface%27%20command,interface%20is%20to%20increase%20security.
agree with passive interface I choose C
C is correct
C. Gimme question.
i choose C
reference: https://networklessons.com/ospf/ospf-passive-interface
i think is C
I choose C
C is correct Passive interface
C is correct without reading other options
D is the answer as if you look at the question, it is to stop fake routes from being injected into OSPF but we still need to advertise this subnet so there is OSPF neighborship and passive interface is not relevant. Applying filter to reject other router is more realistic