They (cisco) promised to realise ssh. Hope we'll see it in a few years, For now, install IPSEC, tunnel, bla-bla-bla, and may be you'll have a piece of security. It's amazing but some hacker's scan erased all our 7206 routers onse (PROM erased withouth any traces of intrusion, and due to accounting it was some kind of scanning, not more). Unix machine... drop all services you don't need, run your services not as the root, install secure level or read-onl.y file system - and no problems. DoS attacks themself are not a problem in case of right resource allocation policy (resource is not only memory but sockets, ports, etc etc).

...

attacks, and can be running services listening on a port which can potentially be "hacked". my only point is that you are trading a set of security issues in multicast for *different* security issues with a cache.

A Unix machine can be secured a lot better than any commercial router.

For one, you can get a source code from it and see what the hell it is doing and fix discovered security holes ASAP.

Second, just run SSH or Kerberos. SSH on cisco, anyone? Nyah.

--vadim

Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)