North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Is anyone actually USING IP QoS?
On 06/16/99 10:31:03 AM Vadim Antonov wrote: >Brett_Watson@enron.net wrote: > >>i'll give you that. however, caches tend to run under unix-like os's which >>are multi-user and multi-service machines. they can be susceptible to DoS >>attacks, and can be running services listening on a port which can >>potentially be "hacked". my only point is that you are trading a set of >>security issues in multicast for *different* security issues with a cache. > >A Unix machine can be secured a lot better than any commercial router. i don't believe that at all. i say this from operational experience, not just generalizing. >For one, you can get a source code from it and see what the hell it is >doing and fix discovered security holes ASAP. in some cases, yes you can. but the fact that i (someone who doesn't crack systems) can get source code to some flavors of unix doesn't stop the hackers from getting it either. no *real* gain here. and if you don't think that some of the more elite hackers in the world don't have access to proprietary source code, both systems and router vendors.... if you're not scared, you don't understand. >Second, just run SSH or Kerberos. SSH on cisco, anyone? Nyah. maybe i just misunderstand you but you seem to portray these issues as black and white. they're not. ssh has had known security problems, and kerberos, while i like it myself, is damned easy to misconfigure which opens all kinds of holes. -brett