RFC Errata
RFC 9291, "A YANG Network Data Model for Layer 2 VPNs", September 2022
Source of RFC: opsawg (ops)See Also: RFC 9291 w/ inline errata
Errata ID: 7162
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Nikolai Malykh
Date Reported: 2022-10-13
Verifier Name: Rob Wilton
Date Verified: 2022-10-14
Section 9 says:
'ethernet-segments' and 'vpn-services': An attacker who is able to
access network nodes can undertake various attacks, such as
deleting a running L2VPN service, interrupting all the traffic of
a client. In addition, an attacker may modify the attributes of a
running service (e.g., QoS, bandwidth) or an ES, leading to
malfunctioning of the service and therefore to SLA violations. In
addition, an attacker could attempt to create an L2VPN service,
add a new network access, or intercept/redirect the traffic to a
non-authorized node. In addition to using NACM to prevent
authorized access, such activity can be detected by adequately
monitoring and tracking network configuration changes.
It should say:
'ethernet-segments' and 'vpn-services': An attacker who is able to
access network nodes can undertake various attacks, such as
deleting a running L2VPN service, interrupting all the traffic of
a client. In addition, an attacker may modify the attributes of a
running service (e.g., QoS, bandwidth) or an ES, leading to
malfunctioning of the service and therefore to SLA violations. In
addition, an attacker could attempt to create an L2VPN service,
add a new network access, or intercept/redirect the traffic to a
non-authorized node. In addition to using NACM to prevent
unauthorized access, such activity can be detected by adequately
monitoring and tracking network configuration changes.
Notes:
Typo in last sentence, should be "unauthorized".