[j-nsp] Re: Running a code on router

Richard A Steenbergen ras at e-gerbil.net
Thu Jan 12 16:23:54 EST 2006


On Thu, Jan 12, 2006 at 08:49:49PM +0000, Michael Shields wrote:
> 
> On 12 Jan 2006, at 20:11, Richard A Steenbergen wrote:
> 
> > I heard that there would be a mechanism to turn this off. I agree  
> > with the
> > concept, it is a good way to prevent people from hacking routers and
> > installing DDoS nets, keep ex-employees from installing backdoors  
> > before
> > they leave, etc. For your average user this should be a good  
> > feature, so
> > long as power users have the ability to turn it off. :)
> 
> I'm not sure I see much value to having this feature if there is a  
> knob to disable it.  What attacks would the signature checking  
> prevent, if there is a trivial way around it?

Ok now I'm hearing mixed messages (guess you can't trust some Juniper 
SE's, you know who you are :P). I would have thought they would implement 
it like securelevels, where you would need to change a configuration and 
reload the router or otherwise do something noticable to return to an 
unprotected state after you have activated the protection. If there is 
absolutely no way to disable this (hidden or otherwise), I suspect there 
will be a lot of annoyed power users. Then again, whats new. :)

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list