nanog mailing list archives

Re: not rewriting next-hop, pointing default, ...

From: "Alex.Bligh" <amb () xara net>
Date: Fri, 12 Sep 1997 11:02:27 +0100

In a world where SSH were available in cisco routers and/or
IPsec were more widely deployed, I might have different views.


Failing this, the ability to disable responding to packets (*)
with source route set on the Cisco *host* TCP/IP stack
(and continue to forward them), would allow it to be
easilly enabled in your core, and filtered at borders
with machines and vulnerable equipment attached. IE
you filter out such packets as part of your normal firewalling.
This would prevent the telnet to Cisco with LSR poblem.
Thus traceroute -g would give you the useful information,
then star out if you were tracing to (say) www.uu.net.

(*) - urm, except responding to traceroutes etc. :-)

Alex Bligh
Xara Networks

Current thread:

Re: not rewriting next-hop, pointing default, ..., (continued)
- - - Re: not rewriting next-hop, pointing default, ... Randy Bush (Sep 11)
    - Message not available
    - Re: not rewriting next-hop, pointing default, ... Ran Atkinson (Sep 11)
    - Re: not rewriting next-hop, pointing default, ... Randy Bush (Sep 11)
    - Re: not rewriting next-hop, pointing default, ... Karl Denninger (Sep 11)
    - Re: not rewriting next-hop, pointing default, ... Ran Atkinson (Sep 11)
    - Re: not rewriting next-hop, pointing default, ... Sean M. Doran (Sep 11)
    - Message not available
    - Re: LSR and packet filters Ran Atkinson (Sep 12)
    - Re: LSR and packet filters Sean M. Doran (Sep 13)
    - Re: LSR and packet filters Alex "Mr. Worf" Yuriev (Sep 13)
    - Re: LSR and packet filters Sean M. Doran (Sep 14)
    - Re: not rewriting next-hop, pointing default, ... Alex.Bligh (Sep 12)
    - Re: not rewriting next-hop, pointing default, ... Sean M. Doran (Sep 13)
    - Message not available
    - Re: protecting operational networks Ran Atkinson (Sep 15)
    - Re: protecting operational networks Vadim Antonov (Sep 15)
    - Re: not rewriting next-hop, pointing default, ... Karl Denninger (Sep 11)
    - Re: not rewriting next-hop, pointing default, ... Avi Freedman (Sep 11)
    - set ip next-hop Bradley Dunn (Sep 11)
    - Re: set ip next-hop Alex Rubenstein (Sep 11)
    - Re: set ip next-hop Avi Freedman (Sep 11)
    - Re: not rewriting next-hop, pointing default, ... Per Gregers Bilse (Sep 12)
    - Re: not rewriting next-hop, pointing default, ...s Avi Freedman (Sep 12)

(Thread continues...)