nanog mailing list archives
Re: telnet vs ssh on Core equipment , looking for reasons why ?
From: Ariel Biener <ariel () fireball tau ac il>
Date: Wed, 1 Aug 2001 01:49:20 +0300 (IDT)
On Tue, 31 Jul 2001, Dan Hollis wrote:
> Hmmm, how about I lock down all MAC addresses on switch ports and configure port IP filters and set the switch so filter violations automatically disable your port?

Dan, really, how many people do you know that actually enforce any of the above techniques? Talking about security is fun, and can get tiresome, but a network administrator or system administrator, or even an organization, makes a decision how far they wish to go with it, and how willing they are to hinder the normal course of working.

Just as an example, let's assume you use a FastEthernet interface, with MAC address X. Tomorrow you find out that you're using some 80% of it, and you define a portchannel, with two FEs. The ARP address will change. Now, if you are running through a few networks, or even, if you are managing a few 10s of routers, doing what you are suggesting creates immense overheads of management. The idea is to work as secure as possible, without hindering work, and without creating more work, and spending a lot more time (thus money) on these things. Think about it for a minute.

--Ariel

> Then when you try this arp spoofing nonsense, your link goes down and I'll get paged so I can permanently correct your workstation with a sledgehammer.
>
> -Dan
> --
> [-] Omae no subete no kichi wa ore no mono da. [-]
-- Ariel Biener e-mail: ariel () post tau ac il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html