nanog mailing list archives
Re: Securing Border Routers
From: Owen DeLong <owen () delong com>
Date: Wed, 19 Jan 2011 20:22:50 -0800
Using non-world routable space on interfaces makes for difficulties in some situations with PMTU-D and with troubleshooting (useless information in traceroutes for example).

Owen

On Jan 19, 2011, at 6:04 PM, jim deleskie wrote:
Never put a firewall in front of a router, it will die first. The Team CYMRU stuff is great. Make sure you have ACLs on your VTY and allow access only from trusted internal IPs. I also like using non-world-routable space on any interface I can.

On Wed, Jan 19, 2011 at 9:38 PM, Brandon Kim <brandon.kim () brandontek com> wrote:

What an insightful link! Thank you, I am reading it now.....

From: Bryan.Welch () arrisi com
To: nanog () nanog org
Date: Wed, 19 Jan 2011 16:38:43 -0800
Subject: RE: Securing Border Routers

I ALWAYS start with the CYMRU secure bgp templates, found here:

http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html

I personally would not recommend a firewall in front of your router, sufficient ACL'ing should be enough for securing the router itself.

Bryan

-----Original Message-----
From: Brandon Kim [mailto:brandon.kim () brandontek com]
Sent: Wednesday, January 19, 2011 4:36 PM
To: nanog group
Subject: Securing Border Routers

Gents:

What measures do you take to protect your border routers? Our routers are running BGP so I'm interested if there is any way to secure them without interfering with BGP?

Is it normal to put a firewall in front of the border routers?

I'm concerned about DDOS attacks mainly....although we haven't had any, I don't welcome them.....

Brandon