Thomas,
Again I wish to bring up that if a slave has been infected and a root kit installed, any credentials on that node will likely be available to be used by the virus; therefore, any credentials used to pass any AAA and have the ACL filter set up will be available to the root kit.
So I still think we should mandate, at least as a BCP, topological correctness on the source.
Does this make sense to you both?
Thanks,
Glenn
-----Original Message-----
From: Thomas Eklund [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 10, 2001 8:39 AM
To: Morrow, Glenn [RICH2:C330:EXCH]; 'Pekka Nikander';
'[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: Source addresses, DDoS prevention and ingress filtering
Hi Pekka,
It is an interesting topic you raise.
I think though that our AAA v6 draft is a big step forward and would like to
stress at a few points.
