SUMMARY: handling dangerous subnets

From: Ed Strong (
Date: Mon Apr 12 1993 - 13:00:38 CDT

> One of my subnets runs to a laboratory whose mission is to do network
> experiments. Anything can come out of this subnet, and occasionally has.
> For example one machine recently began advertising itself as an internet
> gateway, and various routed processes trustingly listened to it.

> I am looking for ways to block incorrect information from this lab subnet
> while still providing DNS, NFS, and NIS services to it. One solution is
> to use gated, for instance. Tcp-wrapper is also being considered. Are
> there other techniques that I should examine? I will summarize responses
> of course.

Apologies for the summary delay, press of time and all that.
I received relatively few responses to this post.

1. Investigate the PD Karl Bridge software for PCs. (Contact

2. Use the Sun consulting special called "HCONS". Can also be used for
   setting up internet gateways.

3. One respondent wrote that tcp-wrapper is probably not useful for this job.
   He's right.

4. Three respondents wrote, put it behind a cisco. This we are now doing.

5. Use gated, and join the mailing list.
   We are also implementing this.

6. Use static routes on the machines you don't want to get confused.

Thanks to:

Andrew Watson <>
ups!upstage!glenn@fourx.Aus.Sun.COM (Glenn Satchell)
(Kurt J. Lidl)
(Steve Campbell)
(Greg Lanzaro)

Ed Strong
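
Added example (not part of the original post, and not gated's code or configuration): a sketch of the source filtering a routing daemon can apply, accepting RIPv1 updates only from an allowlist of known gateways so that a lab host announcing itself as a gateway is ignored and reported. The function names, addresses and sample packets are constructed for illustration.

```python
import ipaddress
import struct

RIP_RESPONSE = 2   # command value for a routing update
RIP_INFINITY = 16  # metric meaning "unreachable"
AF_INET_RIP = 2    # address family identifier for IP
ENTRY = "!HH4s8xI"  # family, zero, address, 8 zero bytes, metric (20 bytes)


def parse_rip_response(payload):
    """Return [(destination, metric), ...] from a RIPv1 response, else []."""
    if len(payload) < 4:
        return []
    command, version = struct.unpack("!BB", payload[:2])
    if command != RIP_RESPONSE or version != 1:
        return []
    routes = []
    body = payload[4:]
    # Walk whole 20-byte entries only; a trailing fragment is ignored.
    for off in range(0, len(body) - len(body) % 20, 20):
        afi, _, addr, metric = struct.unpack(ENTRY, body[off:off + 20])
        if afi != AF_INET_RIP or not 1 <= metric <= RIP_INFINITY:
            continue  # malformed entry, drop it
        routes.append((str(ipaddress.IPv4Address(addr)), metric))
    return routes


def vet_update(src_ip, payload, trusted_gateways):
    """Return (accepted_routes, alerts) for one update from src_ip."""
    routes = parse_rip_response(payload)
    if src_ip in trusted_gateways:
        return routes, []
    # Untrusted source: install nothing, report everything it advertised.
    alerts = [f"untrusted {src_ip} advertised {dest} metric {metric}"
              for dest, metric in routes]
    return [], alerts


def build_response(entries):
    """Constructed sample input: encode [(dest, metric)] as a RIPv1 response."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, 1, 0)
    for dest, metric in entries:
        packed = ipaddress.IPv4Address(dest).packed
        pkt += struct.pack(ENTRY, AF_INET_RIP, 0, packed, metric)
    return pkt


if __name__ == "__main__":
    trusted = {"192.0.2.1"}  # constructed: the one real gateway
    lab_pkt = build_response([("0.0.0.0", 1)])  # lab host claims default route
    print(vet_update("192.0.2.77", lab_pkt, trusted))
    print(vet_update("192.0.2.1", build_response([("198.51.100.0", 2)]), trusted))
```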
