[45729] in North American Network Operators' Group


Re: it's here

daemon@ATHENA.MIT.EDU (William Allen Simpson)
Wed Feb 13 14:48:12 2002

Message-ID: <3C6AC27B.A7F46D97@greendragon.com>
Date: Wed, 13 Feb 2002 14:46:25 -0500
From: William Allen Simpson <wsimpson@greendragon.com>
MIME-Version: 1.0
To: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


jlewis@lewis.org wrote:
> Do we then also buy/maintain VPN hardware to connect all the various 1918
> management networks to the NOC?
> 
Um, it isn't that hard or expensive.  I just put an older box -- like a 
133 or 200 MHz machine -- at each POP, running OpenBSD.  Allows a 
simple VPN throughout, and runs ntpd, too.  And sometimes running a 
remote copy of MRTG at a particular POP is nice for hunting down 
infected local DSL customers without tying up the backbone.

Look, it's a lot less costly than the routers, the DSLAMs, even the 
managed switches.  My main difficulty is they aren't rackable (just 
old desktop machines), so they sit in the bottom of the rack.  Someday, 
someday.

It's time we all run with better security.  (As we frantically put in 
more filtering in the middle of the night based on the report -- no 
matter how proactive we try to be, the bar keeps moving and moving.)
-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
