Bellovin sez...

Ran Atkinson rja at corp.home.net
Fri Feb 20 21:40:16 UTC 1998


Forgive my directness, but there was no _new_ data at all
in what the referenced URL quoted Steve/Matt as saying.

Much of this goes (in the public literature) at least
back to Steve's paper in ACM CCR in the late 80s.  Others of
it has been documented elsewhere in the public literature
since then.

Also note that clever operators _are_ taking steps like:
	- pushing vendors towards SNMPv3 with real security
	- deploying OSPF MD5 authentication/RIP MD5 authentication
	- deploying the TCP MD5 option to protect BGP sessions
	- using route servers
	- deploying Kerberos/SSH/IPsec to secure login connections
		to servers & disallowing unprotected connections
	- deploying IETF OTP or Bellcore S/Key on routers
	- ...

Ran
rja at home.net



More information about the NANOG mailing list