nanog mailing list archives
Re: Maformed SNMP Packet log/trace
From: Sean Donelan <sean () donelan com>
Date: Tue, 26 Feb 2002 22:08:23 -0500 (EST)
On Tue, 26 Feb 2002, Richard A Steenbergen wrote:
A lot of those protocols have people looking at them on a regular basis, and they still manage to come up with obscure exploits noone else noticed (ex: 23mb of buffer overflows to exploit telnetd).
So what is the solution for a public network operator. I attended a presentation last week where a Checkpoint reseller suggested the client needed to buy eight Checkpoint firewalls to protect a single web server. I was impressed, what about the undercoating and scotchguard fabric protector. Is it time to fall back in punt? How would you architect a backbone if you could do it over? Enable BGP authentication Enable NTP authentication (use more than GPS as a source) Enable OSPF/ISIS authentication Use TL1 on the Aux port for network management Ip route null0 packets from outside containing internal-only backbone addresses. Is the complexity of SSH code worth the protection? Or is it better never to access your routers through VTY ports, and always use an reverse-terminal server to the console from an out-of-band management LAN?
Current thread:
- Maformed SNMP Packet log/trace Brennan_Murphy (Feb 26)
- Re: Maformed SNMP Packet log/trace Eric Brandwine (Feb 26)
- Re: Maformed SNMP Packet log/trace Sean Donelan (Feb 26)
- Re: Maformed SNMP Packet log/trace Richard A Steenbergen (Feb 26)
- Re: Maformed SNMP Packet log/trace Sean Donelan (Feb 26)
- Re: Maformed SNMP Packet log/trace Eric Brandwine (Feb 26)
- Re: Maformed SNMP Packet log/trace Sean Donelan (Feb 26)
- Re: Maformed SNMP Packet log/trace Paul Vixie (Feb 26)
- Re: Maformed SNMP Packet log/trace Richard A Steenbergen (Feb 27)
- Re: Maformed SNMP Packet log/trace Sean Donelan (Feb 26)
- Re: Maformed SNMP Packet log/trace Eric Brandwine (Feb 26)
- Re: Satellite latency Jeff Mcadams (Feb 26)
- Re: Satellite latency Roy (Feb 26)
- Re: Satellite latency michael (Feb 26)
- Re: Satellite latency Barb Dijker (Feb 26)
- Re: Satellite latency Vadim Antonov (Feb 26)