it's here

• Previous message (by thread): it's here
• Next message (by thread): it's here
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 12, 2002 at 07:32:07PM +0000, Eric Brandwine wrote:
> 
> >>>>> "sd" == Sean Donelan <sean at donelan.com> writes:
> 
> sd> On Tue, 12 Feb 2002, Alex Rubenstein wrote:
> >> http://www.cert.org/advisories/CA-2002-03.html
> 
> sd> ASN.1 is pretty cool, but I've been wondering are there that
> sd> many ISPs which allow external SNMP access to their equipment?
> sd> SNMP is a UDP management protocol, and even under the best of
> sd> conditions, accepting packets from out of the blue isn't a good
> sd> idea.
> 
> Spoofed packets?
> 
> It's not feasible to filter antispoof at OC-12 or OC-48 line rate on
> all customer facing interfaces.

But it should be not only feasible, but standard practice.
-ron

• Previous message (by thread): it's here
• Next message (by thread): it's here
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]