Re: [FW1] Routing functionality
On Tue, 12 Sep 2000, Jack Coates wrote:

> The vulnerability is that it's a service that doesn't need to be
> there,

okay, then doesn't your rainwall software fall into the same category? e.g. i can achieve load balancing and HA with external load balancing switches. this means i don't need the rainwall service on my firewall. at least with gated or zebra i get source code to review.

> and installing services that don't need to be there in order to work
> around problems that exist elsewhere (e.g., internal addressing is
> such a mess that the firewall can't get by with a few static routes)

maybe the routing protocol is being used to:

  o provide a default route between two HA firewalls (irdp)
  o run BGP to two different providers,
  o provide failover between two firewalls and a pair of border/choke routers (OSPF)

basically, just because you run a dynamic routing protocol doesn't mean you are "working around problems."

> is a bad idea. So you spend some time securing the service -- wouldn't
> that time be better spent in fixing the internal address space?

once again, you are making an assumption on why the routing daemon is being run.

- brett