Re: ssh on JunOs 4.2 / XCompiler

From: Arnd Vehling (av@nethead.de)
Date: Thu Feb 01 2001 - 17:40:45 EST


Greg Ketell wrote:
>
> At 10:58 PM 2/1/2001 +0100, Arnd Vehling wrote:
> >I got this choice with every other product i buy, why doesnt juniper
> >offer me this choice?
>
> You can load something onto "the other company's" routers?

No, i have the choice to tamper with the product and loose
the warranty if i want to.

I use only cisco and juniper at the moment so no, "i cant to this
with the other routers".

But there are other router products where i am able to upload software
and on my ciscos (>=7500) is a ssh1 pre-installed.

> The difference is that if you load something onto your PC and it causes the
> PC to crash (in the M$ case: over and over and over), so what!

I hope that a juniper-box is a little bit more stable than an M$ Box
and theres prove out there that the recent SSH releases are _extremely_
stable on all other platforms. I would assume that this is the fact
with a j-box too.

[..]
> Is this a worthwhile risk for "less" rather than "more", or "tcsh" rather
> than "csh"?

no, but a SSH _is_ worth the risk. With telnet i risk beeing sniffed
or hijacked (somewhat unlikely) and face the same risk. In case
of somebody sniffing my login data i not only risk the stability
of my network but that of other networks too. Imagine somebody
tampering with my BGP setup ot using a CIX Backbone router for
DDOS Attacks. Thats worse than a backbone router going down.

> Juniper's answer to this question is "no".

That became somewhat clear in your first mail already :)

> The reality is that at the moment we can't stop you. (Pay particular
> attention to the "at the moment".)

ok, i move fast :)

> But, if your router has problems after
> you do something like this your best bet is to reload JUNOS and keep it
> pristine.

u bet i do.

  Arnd

-- 

NetHead Network Design and Security Arnd Vehling av@nethead.De Gummersbacherstr. 27 Phone: +49 221 8809210 50679 Köln Fax : +49 221 8809212



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:40 EDT