Firewall Wizards mailing list archives
Re: fw-1 general & VPN questions
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Mon, 20 Apr 1998 18:25:00 -0400
Joseph S. D. Yao wrote:
I also intend to do some "out-of-band" mgmt with a dialin modem on the serial console of the two sun boxes (yes, yes, wardialers I know). However, this is what the customer wants, and I have no say-so, so I need to simply get it set up.Can you at least get them to use a dial-back modem? Or even strong authentication at the dial-in terminal server?
Sounds like there's no terminal server there, just dialin on the serial console. :( Warning: workstations often have incredibly lame serial consoles. I don't know about the particular sun boxes you're planning to use but I've had $40,000 screaming hot workstations barely able to handle serial I/O at 38.8k. I've been pondering the secure remote management thing for a while and was trying to come up with decent solutions that are dirt cheap. Haven't tried this, but does anyone see a flaw with: - have a log-in that drops you right into PPP using CHAP - run ip_filt on the workstation to filter access via the PPP interface - let only SSH in over PPP (or whatever other services are OK) mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- fw-1 general & VPN questions AC (Apr 20)
- Re: fw-1 general & VPN questions Joseph S. D. Yao (Apr 20)
- Re: fw-1 general & VPN questions Marcus J. Ranum (Apr 20)
- Re: fw-1 general & VPN questions AC (Apr 20)
- Re: fw-1 general & VPN questions Eric Vyncke (Apr 21)
- Re: fw-1 general & VPN questions Marcus J. Ranum (Apr 21)
- Re: fw-1 general & VPN questions Lyndon David (Apr 21)
- Re: fw-1 general & VPN questions Bennett Todd (Apr 21)
- Re: fw-1 general & VPN questions Mark Horn [ Net Ops ] (Apr 21)
- Re: fw-1 general & VPN questions Bennett Todd (Apr 21)
- Re: fw-1 general & VPN questions Marcus J. Ranum (Apr 20)
- Re: fw-1 general & VPN questions Joseph S. D. Yao (Apr 20)