SUMMARY: handling dangerous subnets

From: Ed Strong (ems@ccrl.nj.nec.com)
Date: Mon Apr 12 1993 - 13:00:38 CDT


> One of my subnets runs to a laboratory whose mission is to do network
> experiments. Anything can come out of this subnet, and occasionally has.
> For example one machine recently began advertising itself as an internet
> gateway, and various routed processes trustingly listened to it.

> I am looking for ways to block incorrect information from this lab subnet
> while still providing DNS, NFS, and NIS services to it. One solution is
> to use gated, for instance. Tcp-wrapper is also being considered. Are
> there other techniques that I should examine? I will summarize responses
> of course.

Apologies for the summary delay, press of time and all that.
I received relatively few responses to this post.

1. Investigate the PD Karl Bridge software for PCs. (Contact kbridge@osu.edu)

2. Use the Sun consulting special called "HCONS". Can also be used for
   setting up internet gateways.

3. One respondent wrote that tcp-wrapper is probably not useful for this job.
   He's right.

4. Three respondents wrote, put it behind a cisco. This we are now doing.

5. Use gated, and join the gated-people@gated.cornell.edu mailing list.
   We are also implementing this.

6. Use static routes on the machines you don't want to get confused.

Thanks to:

Andrew Watson <ajw@ansa.co.uk>
ups!upstage!glenn@fourx.Aus.Sun.COM (Glenn Satchell)
Perry_Hutchison.Portland@xerox.com
lidl@uunet.uu.net (Kurt J. Lidl)
weingart@inf.ethz.ch
steve@avalon.dartmouth.edu (Steve Campbell)
lanzaro@ida.org (Greg Lanzaro)

Ed Strong
ems@ccrl.nj.nec.com
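
Added example, not part of the original post: a sketch of the trusted-gateway idea behind suggestions 4 to 6, applied to the incident described in the question (a lab machine advertising itself as the internet gateway over RIP). It parses RIPv1 responses in the RFC 1058 layout and accepts routes only from an allow-listed gateway. The function names, the addresses (documentation ranges) and the sample datagrams are constructed for illustration.

```python
import ipaddress
import struct

RIP_RESPONSE, AF_INET, INFINITY = 2, 2, 16

def parse_rip_response(datagram):
    """Return [(IPv4Address, metric)] from a RIPv1 response datagram."""
    if len(datagram) < 4 or (len(datagram) - 4) % 20:
        raise ValueError("malformed RIP datagram")
    command, version = struct.unpack("!BB2x", datagram[:4])
    if command != RIP_RESPONSE or version != 1:
        raise ValueError("not a RIPv1 response")
    routes = []
    for off in range(4, len(datagram), 20):
        # Entry: family(2) zero(2) address(4) zero(8) metric(4)
        afi, addr, metric = struct.unpack("!H2x4s8xI", datagram[off:off + 20])
        if afi == AF_INET and 1 <= metric <= INFINITY:
            routes.append((ipaddress.IPv4Address(addr), metric))
    return routes

def vet_update(source, datagram, trusted, lab_net):
    """Trusted-gateway policy: returns (accepted_routes, alerts)."""
    src = ipaddress.IPv4Address(source)
    routes = parse_rip_response(datagram)
    if src in trusted:
        return routes, []
    alerts = []
    for net, metric in routes:
        # In RIPv1 the address 0.0.0.0 denotes the default route.
        kind = "default route" if int(net) == 0 else f"route to {net}"
        where = "lab subnet" if src in lab_net else "unknown source"
        alerts.append(f"{src} ({where}) advertised {kind} metric {metric}")
    return [], alerts

# Constructed sample data (assumed addressing, not from the post).
TRUSTED = {ipaddress.IPv4Address("192.0.2.1")}
LAB = ipaddress.ip_network("198.51.100.0/24")
# Lab host claiming to be the default gateway, metric 1.
ROGUE = bytes.fromhex(
    "02010000 00020000 00000000 00000000 00000000 00000001")
# Real gateway: default route (metric 2) plus 203.0.113.0 (metric 1).
LEGIT = bytes.fromhex(
    "02010000 00020000 00000000 00000000 00000000 00000002"
    "00020000 cb007100 00000000 00000000 00000001")

if __name__ == "__main__":
    for source, datagram in (("198.51.100.77", ROGUE), ("192.0.2.1", LEGIT)):
        print(vet_update(source, datagram, TRUSTED, LAB))
```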


