Re: fw-1 general & VPN questions
Lyndon David (lyndond sentinet.co.uk)
Tue, 21 Apr 1998 10:57:38 +0100
- Next message: Marcus J. Ranum: "Re: fw-1 general & VPN questions"
- Previous message: Eric Vyncke: "Re: fw-1 general & VPN questions"
- In reply to: Marcus J. Ranum: "Re: fw-1 general & VPN questions"
- Next in thread: Bennett Todd: "Re: fw-1 general & VPN questions"
- Reply: Bennett Todd: "Re: fw-1 general & VPN questions"
Yes, serial console lines on workstations are not very good. With regard to
the idea of running PPP over the serial console: on a Sun box, if you send a
break down the console line, the box drops to the boot PROM. I expect that
there are ways around this behavior by changing the PROM variables.
I thought that the point of the serial console line was that it was a last
resort communication mechanism because the box has become unresponsive from
across the network.
Lyndon
Marcus J. Ranum wrote:
> Joseph S. D. Yao wrote:
> >> I also intend to do some "out-of-band" mgmt with a dialin
> >> modem on the serial console of the two sun boxes (yes, yes,
> >> wardialers I know). However, this is what the customer wants,
> >> and I have no say-so, so I need to simply get it set up.
> >
> >Can you at least get them to use a dial-back modem? Or even strong
> >authentication at the dial-in terminal server?
>
> Sounds like there's no terminal server there, just dialin on
> the serial console. :(
>
> Warning: workstations often have incredibly lame serial consoles.
> I don't know about the particular sun boxes you're planning to use
> but I've had $40,000 screaming hot workstations barely able to handle
> serial I/O at 38.8k.
>
> I've been pondering the secure remote management thing for a while
> and was trying to come up with decent solutions that are dirt cheap.
> Haven't tried this, but does anyone see a flaw with:
> - have a log-in that drops you right into PPP using CHAP
> - run ip_filt on the workstation to filter access via the PPP interface
> - let only SSH in over PPP (or whatever other services are OK)
>
> mjr.
> --
> Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
> work - http://www.nfr.net
> home - http://www.clark.net/pub/mjr
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:47 CDT