> One of my subnets runs to a laboratory whose mission is to do network
> experiments. Anything can come out of this subnet, and occassionally has.
> For example one machine recently began advertising itself as an internet
> gateway, and various routed processes trustingly listened to it.
> I am looking for ways to block incorrect information from this lab subnet
> while still providing DNS, NFS, and NIS services to it. One solution is
> to use gated, for instance. Tcp-wrapper is also being considered. Are
> there other techniques that I should examine? I will summarize responses
> of course.
Apologies for the summary delay, press of time and all that.
I received relatively few responses to this post.
1. Investigate the PD Karl Bridge software for PCs. (Contact kbridge@osu.edu)
2. Use the Sun consulting special called "HCONS". Can also be used for
setting up internet gateways.
3. One respondent wrote that tcp-wrapper is probably not useful for this job.
He's right.
4. Three respondents wrote, put it behind a cisco. This we are now doing.
5. Use gated, and join the gated-people@gated.cornell.edu mailing list.
We are also implementing this.
6. Use static routes on the machines you don't want to get confused.
Thanks to:
Andrew Watson <ajw@ansa.co.uk>
ups!upstage!glenn@fourx.Aus.Sun.COM (Glenn Satchell)
Perry_Hutchison.Portland@xerox.com
lidl@uunet.uu.net (Kurt J. Lidl)
weingart@inf.ethz.ch
steve@avalon.dartmouth.edu (Steve Campbell)
lanzaro@ida.org (Greg Lanzaro)
Ed Strong
ems@ccrl.nj.nec.com
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:44 CDT