RE: BGP filtering of supernets out of classful space

["Roeland Meyer (E-mail)" <rmeyer () mhsc com>]

> John Fraizer: Friday, May 19, 2000 1:24 PM
>
> On Fri, 19 May 2000, Daniel Senie wrote:
>
> > I'd like to see sites which filter provide a looking glass
> or similar so

> Some providers are VERY paranoid about people seeing what
> their routing
> table looks like.  I requested that one of our upstreams
provide a
> looking-glass and their reply was "The LG code requires that
> we open up
> RSH on the routers.  No Way!"

This I can understand ...

> I wrote looking-glass code that uses telnet.  I provided it to
the
> provider in question.  Still no looking-glass nearly a year
later.

Maybe, if you'd based it on ssh, it might have flown better?

I don't allow either telnet or FTP anywhere on my systems. For
critical stuff (anything requireing passwds), allowed protocols
are SSH, SMB (Samba forwarded over SSH), and HTTPS. We also use
SSL POP3 and SSL SMTP and remote admin is VNC through SSH. The
only unsecured port is standard SMTP and that's in the process of
being AUTH'd (as soon as I free-up resources to do that). Many
other shops I know are the same way, or they don't allow external
connections at all (bastion hosts). That they don't allow
external telnet sessions is no surprise.