[45976] in North American Network Operators' Group
Re: Telco's write best practices for packet switching networks
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Wed Mar 6 10:45:31 2002
Date: Wed, 6 Mar 2002 15:42:40 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: "Christopher L. Morrow" <chris@UU.NET>,
Ron da Silva <ron@aol.net>, <nanog@merit.edu>
In-Reply-To: <20020306152939.ADE017B4B@berkshire.research.att.com>
Message-ID: <Pine.GSO.4.33.0203061541120.3098-100000@rampart.argfrp.us.uu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 6 Mar 2002, Steven M. Bellovin wrote:
>
> I was agreeing with Eric's point. I've been saying this for years. My
> comment about the packet filter was to deal with services that are
> needed for some internal purposes, but for some reason can't protect
> themselves. Right now, that's snmp -- you may have snmpd running on
> your mail server, but given the recent CERT advisory you need to keep
> the bad guys away from it. (Yes, you should install fixed code -- but
> given how many components were affected by that advisory, it's quite
> obvious that no one has had time to test the fixes properly.)
Okey-dokey :) I missed that part (the agreement part)
