RE: Ability to withstand well known attacks
On Tue, 22 Jul 2003, Smith, Donald wrote:
> Limiting what systems can communicate directly with your router via ACLs
> also helps.
> I personally think this last method is the best method as it also protects
> against other yet to be discovered attacks.
> If you can only ssh to my routers from a few "trusted" networks
> then a new ssh vulnerability is mitigated (not eliminated but the threat is
> lessened).
ACLs often have an undesirable and significantly negative performance impact.
syncookies have none...
> Are any of the router vendors implementing syncookies?
unfortunately it seems not.
-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]