[102650] in North American Network Operators' Group
Re: IX port security
daemon@ATHENA.MIT.EDU (Arnold Nipper)
Sun Feb 24 15:09:18 2008
Date: Sun, 24 Feb 2008 21:08:02 +0100
From: Arnold Nipper <arnold@nipper.de>
To: Andy Davidson <andy@nosignal.org>
CC: nanog@nanog.org
In-Reply-To: <E784E9FB-5204-42FE-BD96-089EFBDFB582@nosignal.org>
Errors-To: owner-nanog@merit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE985E697B5B9C2D9ADDC7F72
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
On 24.02.2008 16:58 Andy Davidson wrote
>=20
> On 23 Feb 2008, at 11:19, Greg VILLAIN wrote:
>=20
>> Thinking back about this thread we've had lately around IXes, I have =
>> some extra questions.
>> It is I assume the IX's responsibility to protect members from =20
>> harming each other through the peering LAN.
>=20
> That depends what you mean by protect. Any IX participant must =20
> remember that they're sharing an infrastructure with (by and large) =20
> competitors, and that there are particular miscreant activities that =20
> you as an IX participant must guard against, which your IX operators =20
> can't completely protect you from (I'm thinking pointing default, or =20
> attacks on port-facing router interfaces.)
>=20
both is imho not inherent to an IXP environment but may also happen on=20
private peerings.
Best regards,
Arnold
--=20
Arnold Nipper, AN45
--------------enigE985E697B5B9C2D9ADDC7F72
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHwc6jKgtiVw6P8EYRCJ5UAJ4j+UpKDOGBQniVhnhZVuRkw6dTswCgl+yW
jMoXAjRZ/L/ujbbk8+kTb7s=
=O1ab
-----END PGP SIGNATURE-----
--------------enigE985E697B5B9C2D9ADDC7F72--
