Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

  • From: joshua sahala
  • Date: Thu Jan 20 13:42:27 2005

On (20/01/05 13:20), Chris A. Epler wrote:
> 
> Whats so bad about decent secure defaults?  

 secure defaults are good...but there are other aspects of cisco ios which
 would be better suited to be disabled out of the box:  redirects, proxy 
 arp, tcp/udp small-servers, the lack of decent ssh (this is getting
 better), lack of receive acls on all but the big boxen, etc...these are a
 few things which would be better to have out of the box.

> If you're implementing a new router and setting up Bogon filters you 
> should already know that they'll need to be updated regularly

 read the beginning of this thread - people implement bogon filters
 without keeping them up to date already.  this is just another mechanism
 to do the same thing (but on a larger scale).

> If you don't know this, then you shouldn't be in charge of said router.
> Am I missing something here???

 in an ideal world, yes, this would be true; however we all know the
 reality of this.  there are already secure config templates available
 which people follow without actually knowing the implications of.  one
 more 'feature' in ios will go unnoticed by most, and thus will be left
 out of date...that was, i believe, jared's point.

/joshua
-- 

            ****    THIS .sig CENSORSED    ****





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.