North American Network Operators Group

Re: Is anyone actually USING IP QoS?

  • From: Brett_Watson
  • Date: Wed Jun 16 14:00:34 1999

On 06/16/99 10:31:03 AM Vadim Antonov wrote:

>[email protected] wrote:
>>i'll give you that.  however, caches tend to run under unix-like os's
>>are multi-user and multi-service machines.  they can be susceptible to
>>attacks, and can be running services listening on a port which can
>>potentially be "hacked".  my only point is that you are trading a set of
>>security issues in multicast for *different* security issues with a
>A Unix machine can be secured a lot better than any commercial router.

i don't believe that at all.  i say this from operational experience, not
just generalizing.

>For one, you can get a source code from it and see what the hell it is
>doing and fix discovered security holes ASAP.

in some cases, yes you can.  but the fact that i (someone who doesn't crack
systems) can get source code to some flavors of unix doesn't stop the
hackers from getting it either.  no *real* gain here.  and if you don't
think that some of the more elite hackers in the world don't have access to
proprietary source code, both systems and router vendors....  if you're not
scared, you don't understand.

>Second, just run SSH or Kerberos.  SSH on cisco, anyone?  Nyah.

maybe i just misunderstand you but you seem to portray these issues as
black and white.  they're not.  ssh has had known security problems, and
kerberos, while i like it myself, is damned easy to misconfigure which
opens all kinds of holes.