North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: BGP filtering of supernets out of classful space
> John Fraizer: Friday, May 19, 2000 1:24 PM > > On Fri, 19 May 2000, Daniel Senie wrote: > > > I'd like to see sites which filter provide a looking glass > or similar so > Some providers are VERY paranoid about people seeing what > their routing > table looks like. I requested that one of our upstreams provide a > looking-glass and their reply was "The LG code requires that > we open up > RSH on the routers. No Way!" This I can understand ... > I wrote looking-glass code that uses telnet. I provided it to the > provider in question. Still no looking-glass nearly a year later. Maybe, if you'd based it on ssh, it might have flown better? I don't allow either telnet or FTP anywhere on my systems. For critical stuff (anything requireing passwds), allowed protocols are SSH, SMB (Samba forwarded over SSH), and HTTPS. We also use SSL POP3 and SSL SMTP and remote admin is VNC through SSH. The only unsecured port is standard SMTP and that's in the process of being AUTH'd (as soon as I free-up resources to do that). Many other shops I know are the same way, or they don't allow external connections at all (bastion hosts). That they don't allow external telnet sessions is no surprise.
|