jak @
pot .
hole .
fi:
> You have a closed 1200+ PC-machine LAN, connected to the Net thru
> a BSDI+Firewall. One PC-end user in his days of wisdom decides to
> purchase a SLIP-connection to a local INet provider. He enables "IP
> Routing" from his Windows for Workgroups, and someone on the net "sees"
> or hears about this, and decides to route himself into the "firewalled"
> network thru this machine... Boom.
>
> I couldn't think of an easy way to disable this possibility, other
> than telling the end user not to do this. Any hints/ideas?
The answer, I think, would lie in
- only stocking your LAN with single-address/single-interface PCs
- only responsible and competent providers existing
Unfortunately for the industry, the latter is not as likely as the the former.
[comments about those who would route arbitrary networks on their system
undermining their own security (and business) deleted]
Joe Provo
Systems and Network Admin, UltraNet Communications Inc.
508.229.8400(voice) jprovo @
ultra .
net 508.229.8111(data)
A network service provider in Marlboro, MA mailto:info @
ultra .
net
|
|
