John Fraizer: Friday, May 19, 2000 1:24 PM
On Fri, 19 May 2000, Daniel Senie wrote:
I'd like to see sites which filter provide a looking glass or similar so
Some providers are VERY paranoid about people seeing what their routing table looks like. I requested that one of our upstreams provide a looking-glass and their reply was "The LG code requires that we open up RSH on the routers. No Way!"
I wrote looking-glass code that uses telnet. I provided it to
This I can understand ... the
provider in question. Still no looking-glass nearly a year later.
Maybe, if you'd based it on ssh, it might have flown better? I don't allow either telnet or FTP anywhere on my systems. For critical stuff (anything requireing passwds), allowed protocols are SSH, SMB (Samba forwarded over SSH), and HTTPS. We also use SSL POP3 and SSL SMTP and remote admin is VNC through SSH. The only unsecured port is standard SMTP and that's in the process of being AUTH'd (as soon as I free-up resources to do that). Many other shops I know are the same way, or they don't allow external connections at all (bastion hosts). That they don't allow external telnet sessions is no surprise.