nanog mailing list archives
Re: not rewriting next-hop, pointing default, ...
From: "Sean M. Doran" <smd () clock org>
Date: 13 Sep 1997 16:44:58 -0400
"Alex.Bligh" <amb () xara net> writes:
Failing this, the ability to disable responding to packets (*) with source route set on the Cisco *host* TCP/IP stack (and continue to forward them),
Mourn the death of TUBA telnet... :)

What you might want is to make sure that management functions can only happen over a separate private IP network. This has been a long-time engineering goal of one network at some priority or other. Then, some protection for routing protocols to make them both more robust and more secure, and life is a bit nicer. (Although taking an axe to all the routing protocols in use today has a strong appeal, actually, but that'll come later...)

Unfortunately, though, in the absence of a method to query routers about their forwarding (i.e., "what would you do with this traffic profile?"), route calculation and NLRI redistribution policies, any tool which can help infer that from anywhere in the Internet is of use.

I hate traceroute, I think it's a dreadful hack, and it is really hard to use it correctly for all sorts of reasons, lots of them having to do with the observer problem. LSRR helps enormously, and has been of critical use in the past.

Killing it off to provide some warm fuzzies to operators who are still going to be exposed to lots of serious attacks on their routers and hosts strikes me as nearly as unreasonable as simply turning off routers and encasing them in concrete to make them safe.

What would be REALLY nice is if lots of new hardware and software that doesn't keel over dead or use a really slow path to forward packets decorated with the LSRR option were deployed in everyone's networks.

Sean.