-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of David Ulevitch Sent: Friday, May 24, 2002 2:36 AM To: Valdis.Kletnieks@vt.edu Cc: nanog@merit.edu Subject: Re: Routers vs. PC's for routing - was list problems? [deleted] As to being immune to exploits I fail to see how. An exploit is an exploit -- it doesn't need to give you a root shell to accomplish a goal of crashing the packet filter. I'm more than happy to be proven wrong though, when is there a time when a pseudo-halted system is "more secure"? -davidu ---- EXACTLY! Vulnerabilities [especially in socket functions (you still *are* running a routing protocol right?)] can cause arbitrary code to execute irrespective of your current run level. Most people would agree that having to reboot the machine to change/check/edit anything is an unacceptable scenario. Further, how do you filter an attack in real-time? Deepak Jain AiNET