Re: Static IP addresses for Dial-up
At 09:36 PM 1/29/96 +1100, Robert Elz wrote:
That sounds like a perfect place for a dynamic address, however, if he had that, it would make life harder for me. With his static address I can instal filters to give him more access to my system at home (which is basically permanently connected, and not a PC) than I allow all the rest of you. (For Tony's benefit - no, this is not relying on source address filtering, I actually filter the packets that my system sends out, I will let it send packets to him that I won't let it send elsewhere, which has basically the same effect).
I can certainly understand the need for access control & security, but with the use of a smart-card one-time password system, this is a moot point. - paul
Date: Mon, 29 Jan 1996 08:12:37 -0500 From: Paul Ferguson <pferguso@cisco.com> Message-ID: <199601291311.FAA04274@lint.cisco.com> I can certainly understand the need for access control & security, but with the use of a smart-card one-time password system, this is a moot point. You're expecting me to obtain one of those things for my system at home? And assuming that password type capable access protection is the only kind of protection I care about. Lets be a little reasonable please - access filters aren't dead yet (I would like to see them vanish, and I would hope that one day that might happen, today isn't that day). I will believe this has happened when cisco no longer support packet filtering in their routers. kre
I can certainly understand the need for access control & security, but with the use of a smart-card one-time password system, this is a moot point. Huh? How are you going to stop a system from "illegally" (in the sense of the provider, contracts, or whatever) acting as -say- www, ftp, or whatever server with such a one-time password system? You'll need access control *based on IP addresses* to reach that goal! Piet
I can certainly understand the need for access control & security, but with the use of a smart-card one-time password system, this is a moot point. Huh? How are you going to stop a system from "illegally" (in the sense of the provider, contracts, or whatever) acting as -say- www, ftp, or whatever server with such a one-time password system? You'll need access control *based on IP addresses* to reach that goal!
Perhaps you would like to flesh out these requirements with Dave O'Leary for the PIER WG. This was an area that was of particular concern, in an environment where renumbering is a fact of life. --bill
participants (4)
-
bmanning@ISI.EDU
-
Paul Ferguson
-
Piet Beertema
-
Robert Elz