[12283] in North American Network Operators' Group
Re: not rewriting next-hop, pointing default, ...
daemon@ATHENA.MIT.EDU (Karl Denninger)
Thu Sep 11 19:11:39 1997
Date: Thu, 11 Sep 1997 18:03:34 -0500
From: Karl Denninger <karl@Mcs.Net>
To: Randy Bush <randy@psg.com>
Cc: Ran Atkinson <rja@corp.home.net>, nanog@merit.edu
In-Reply-To: <m0x9I8Y-0007zYC@rip.psg.com>; from Randy Bush on Thu, Sep 11, 1997 at 03:54:00PM -0800
On Thu, Sep 11, 1997 at 03:54:00PM -0800, Randy Bush wrote:
> > LSR is actually a significant security issue. So, while I do
> > understand and am sympathetic to the operational debugging
> > issues that LSR addresses, I think that requiring a peer to
> > enable LSR more than 2 hops inside their network from the
> > outside world is unreasonable.
>
> So, you're comfortable with asking for LSR at the IX and a hop behind?
>
> > In a world where SSH were available in cisco routers and/or
> > IPsec were more widely deployed, I might have different views.
>
> K5 does not give you sufficient warm fuzzies?
>
> randy
Get a few connections to your core hardware hijacked and you'll start
installing hardwired modems on console ports and shutting off access to
the telnet side entirely.
That's a SERIOUS pain in the arse.
--
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service
| NEW! K56Flex modem support is now available
Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines!
Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal