Is anyone actually USING IP QoS?

Alex P. Rudnev alex at Relcom.EU.net
Wed Jun 16 17:55:40 UTC 1999


They (cisco) promised to realise ssh. Hope we'll see it in a few years, 
For now, install IPSEC, tunnel, bla-bla-bla, and may be you'll have a 
piece of security.

It's amazing but some hacker's scan erased all our 7206 routers onse 
(PROM erased withouth any traces of intrusion, and due to accounting it 
was some kind of scanning, not more).

Unix machine... drop all services you don't need, run your services not 
as the root, install secure level or read-onl.y file system - and no 
problems. DoS attacks themself are not a problem in case of right 
resource allocation policy (resource is not only memory but sockets, 
ports, etc etc).

> >attacks, and can be running services listening on a port which can
> >potentially be "hacked".  my only point is that you are trading a set of
> >security issues in multicast for *different* security issues with a cache.
> 
> A Unix machine can be secured a lot better than any commercial router.
> 
> For one, you can get a source code from it and see what the hell it is
> doing and fix discovered security holes ASAP.
> 
> Second, just run SSH or Kerberos.  SSH on cisco, anyone?  Nyah.
> 
> --vadim
> 
> 

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)





More information about the NANOG mailing list