[j-nsp] Re: Running a code on router
Richard A Steenbergen
ras at e-gerbil.net
Thu Jan 12 16:23:54 EST 2006
On Thu, Jan 12, 2006 at 08:49:49PM +0000, Michael Shields wrote:
>
> On 12 Jan 2006, at 20:11, Richard A Steenbergen wrote:
>
> > I heard that there would be a mechanism to turn this off. I agree with the
> > concept, it is a good way to prevent people from hacking routers and
> > installing DDoS nets, keep ex-employees from installing backdoors before
> > they leave, etc. For your average user this should be a good feature, so
> > long as power users have the ability to turn it off. :)
>
> I'm not sure I see much value to having this feature if there is a
> knob to disable it. What attacks would the signature checking
> prevent, if there is a trivial way around it?
Ok now I'm hearing mixed messages (guess you can't trust some Juniper
SEs, you know who you are :P). I would have thought they would implement
it like securelevels, where you would need to change a configuration and
reload the router or otherwise do something noticeable to return to an
unprotected state after you have activated the protection. If there is
absolutely no way to disable this (hidden or otherwise), I suspect there
will be a lot of annoyed power users. Then again, what's new. :)
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)