[55527] in North American Network Operators' Group
Re: routing between provider edge and CPE routers
daemon@ATHENA.MIT.EDU (Miquel van Smoorenburg)
Thu Jan 30 15:07:39 2003
To: nanog@merit.edu
From: "Miquel van Smoorenburg" <miquels@cistron.nl>
Date: Thu, 30 Jan 2003 20:04:39 +0000 (UTC)
X-Complaints-To: abuse@cistron.nl
Errors-To: owner-nanog-outgoing@merit.edu
In article <cistron.7CD4CD9D537C294D9ED9E5CE2F019106B6BC4D@MAILSERV.linc2icn.net>,
Mike Bernico <mbernico@illinois.net> wrote:
>> So, by accepting routes from CPE you create a huge security
>vulnerability
>> for your customers, and other parties. This practice was understood
>as a
>> very bad network engineering for decades.
>
>Is there someplace I can find tidbits of information like this? I
>haven't been alive decades so I must have missed that memo. Other than
>this list I don't know where to find anyone with lots of experience
>working for a service provider.
You could have thought this up yourself. If you put something in
production, /always/ ask yourself: if I was a hacker with bad intentions,
how could I abuse this. And actually try to. I hacked my own network
and machines a couple of times for fun, you learn a lot from it.
Mike.
--
Anyone who is capable of getting themselves made President should
on no account be allowed to do the job -- Douglas Adams.
