> One of my subnets runs to a laboratory whose mission is to do network
> experiments. Anything can come out of this subnet, and occassionally has.
> For example one machine recently began advertising itself as an internet
> gateway, and various routed processes trustingly listened to it.
> I am looking for ways to block incorrect information from this lab subnet
> while still providing DNS, NFS, and NIS services to it. One solution is
> to use gated, for instance. Tcp-wrapper is also being considered. Are
> there other techniques that I should examine? I will summarize responses
> of course.
Apologies for the summary delay, press of time and all that.
I received relatively few responses to this post.
1. Investigate the PD Karl Bridge software for PCs. (Contact firstname.lastname@example.org)
2. Use the Sun consulting special called "HCONS". Can also be used for
setting up internet gateways.
3. One respondent wrote that tcp-wrapper is probably not useful for this job.
4. Three respondents wrote, put it behind a cisco. This we are now doing.
5. Use gated, and join the email@example.com mailing list.
We are also implementing this.
6. Use static routes on the machines you don't want to get confused.
Andrew Watson <firstname.lastname@example.org>
ups!upstage!glenn@fourx.Aus.Sun.COM (Glenn Satchell)
email@example.com (Kurt J. Lidl)
firstname.lastname@example.org (Steve Campbell)
email@example.com (Greg Lanzaro)
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:44 CDT