
netsec-sig - [Security-WG] I2 - draft of "filtering tcp/179" paper

Subject: Internet2 Network Security SIG

  • From: gcbrowni <>
  • To:
  • Subject: [Security-WG] I2 - draft of "filtering tcp/179" paper
  • Date: Tue, 13 Dec 2016 12:23:36 -0500

Folks,

I’ve worked up a draft document in google doc, trying to incorporate the feedback from the survey and mailing list. It’s at:

I’d appreciate feedback. The idea would be to have a web page on the I2 site that has a kind of general overview, and then a bunch of sub-pages on individual topics. This would be the first of those individual topics. So, more web pag'y and less pdf’y.

In particular, someone looking over the Cisco configs would be appreciated. It’s been a while for me and, frankly, the implementation of filtering tcp/179 on Cisco devices seems a lot clunkier than either Juniper or Brocade … making me wonder if I’m missing something. IE: it has to be applied to every interface, as I understand it, because there is no control plane interface (like on a Juniper) or control plane access list (like on a Brocade.)

Getting us a contact in Cisco to work with would also seem like a great idea.

Anyway, thoughts? Comments?

(once this is to a good point we’ll get it posted and move on to the next topic from the survey.)
-G
