[45698] in North American Network Operators' Group
Re: it's here
daemon@ATHENA.MIT.EDU (Eric Brandwine)
Tue Feb 12 14:37:04 2002
To: Sean Donelan <sean@donelan.com>
Cc: Alex Rubenstein <alex@nac.net>, nanog@merit.edu
From: Eric Brandwine <ericb@UU.NET>
Date: 12 Feb 2002 19:32:07 +0000
In-Reply-To: Sean Donelan's message of "Tue, 12 Feb 2002 14:22:32 -0500 (EST)"
Message-ID: <gu9y9hyo5s8.fsf@rampart.argfrp.us.uu.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: owner-nanog-outgoing@merit.edu
>>>>> "sd" == Sean Donelan <sean@donelan.com> writes:
sd> On Tue, 12 Feb 2002, Alex Rubenstein wrote:
>> http://www.cert.org/advisories/CA-2002-03.html
sd> ASN.1 is pretty cool, but I've been wondering are there that
sd> many ISPs which allow external SNMP access to their equipment?
sd> SNMP is a UDP management protocol, and even under the best of
sd> conditions, accepting packets from out of the blue isn't a good
sd> idea.
Spoofed packets?
It's not feasible to filter antispoof at OC-12 or OC-48 line rate on
all customer facing interfaces.
ericb
--
Eric Brandwine | To assert that the earth revolves around the sun is as
UUNetwork Security | erroneous as to claim that Jesus was not born of a
ericb@uu.net | virgin.
+1 703 886 6038 | - Cardinal Bellarmine (during the
Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E
