[48273] in North American Network Operators' Group
RE: Routers vs. PC's for routing - was list problems?
daemon@ATHENA.MIT.EDU (Deepak Jain)
Sat May 25 03:07:02 2002
Reply-To: <deepak@ai.net>
From: "Deepak Jain" <deepak@ai.net>
To: "David Ulevitch" <davidu@everydns.net>, <Valdis.Kletnieks@vt.edu>
Cc: <nanog@merit.edu>
Date: Fri, 24 May 2002 16:31:47 -0400
In-Reply-To: <40566842.1022196932@[192.168.0.10]>
Errors-To: owner-nanog-outgoing@merit.edu
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of David Ulevitch
Sent: Friday, May 24, 2002 2:36 AM
To: Valdis.Kletnieks@vt.edu
Cc: nanog@merit.edu
Subject: Re: Routers vs. PC's for routing - was list problems?
[deleted]
As to being immune to exploits I fail to see how. An exploit is an exploit
-- it doesn't need to give you a root shell to accomplish a goal of
crashing the packet filter.
I'm more than happy to be proven wrong, though. When is there a time when a
pseudo-halted system is "more secure"?
-davidu
----
EXACTLY! Vulnerabilities [especially in socket functions (you still *are*
running a routing protocol, right?)] can cause arbitrary code to execute
irrespective of your current run level. Most people would agree that having
to reboot the machine to change/check/edit anything is an unacceptable
scenario. Further, how do you filter an attack in real-time?
Deepak Jain
AiNET