[SATLUG] 'Router' box with multiple gateways?
Al Castanoli
afcasta at texas.net
Fri Aug 2 07:56:01 CDT 2002
Careful, Chuck... There are other major firewalls, routers, and switches
out there... I've run videoconferences over IP/Satellite with Newbridge
gear and found it at least as robust as Cisco. There are banks all over
the Southwest connected to the Federal Reserve via SunScreen firewalls
and Proteon routers (I installed a few dozen of them working for the
Federal Home Loan Bank of Dallas).

I will admit, though, the awful kit 3Com used to push created more
trouble than it was worth, and I once had to take a trip to Ft.
Lauderdale to replace 3Com gear with Cisco to bring a block of casinos
in the Caribbean back online. 3Com just couldn't handle the
500-800 millisecond lag from going over geosynchronous satellites.

The military have used other routers besides Cisco for years, going back
to the IMP (which I used), and we did GCOS routers on AT&T for a few
years when Cisco was still basing their PIX on Windows NT before they
moved it to IOS.

The early Cisco 3600 series routers were based on the Motorola 68030 and
68040 processors and were trivial to hack with an Amiga. Some of the
next generation 3600's were based on PowerPC processors and could be
hacked with an IBM RS/6000. Just because Cisco didn't publish their
dirty laundry doesn't mean they've always been impervious to attack.

If I ever see another Livingston PortRouter, though, I'll run away
screaming.

And given my choice, I use Cisco where possible, including the model 804
ISDN router here at home.
--
Al Castanoli | home afcasta at texas.net | work afcasta at clearchannel.com
Computers save time like kudzu prevents soil erosion.
-----Original Message-----
From: satlug-admin at satlug.org [mailto:satlug-admin at satlug.org] On Behalf
Of Chuck
Sent: Wednesday, July 31, 2002 1:44 AM
To: satlug at satlug.org
Subject: RE: [SATLUG] 'Router' box with multiple gateways?
"a number of well known vulnerabilities" -- compared to what! To other
companies' routers -- what company, and is the router capable of the same
abilities as a Cisco??? (I think I'm pretty safe here as there aren't any
other makers of large company routers worth mentioning).

Or maybe you're comparing to 'server' based routers -- like a Windows NT
server acting as a router. And how many vulnerabilities are there in
THOSE??? Maybe you're comparing to a Linux router that someone loaded up
from a CompUSA RedHat box and plugged into the Internet -- I'm sure THOSE
are totally safe, without ANY vulnerabilities!?!?!

And how severe are the vulnerabilities? Sure, you can bog down a Cisco
router with traffic (real, half open, spoofed, etc); you can maybe even
crash an incorrectly secured one, but can you gain ADMIN or ROOT access???
Even if you could, what could you do with it? There is no software on it
you could use to jump out and attack with. You can't use it to store porn
or run an IRC server. So what would you gain by hacking into a router
besides upsetting its traffic flow? Or maybe I should ask, what MORE could
you do with a hacked Cisco router than a hacked NT/W2K/Solaris/Linux/BSD
router??? NOTHING is the answer.

So, I'll go back to the original question --- a number of vulnerabilities
compared to what??? And yes, they are expensive. For the same reason Sun
servers, Mercedes, and Wilson Combat .45s are expensive. It COSTS to build
things right -- but they all last forever and keep you safe when built right
(not to mention they all come with an excellent warranty/support system)!

Chuck
-----Original Message-----
From: satlug-admin at satlug.org [mailto:satlug-admin at satlug.org]On Behalf
Of clickdoug
Sent: Tuesday, July 30, 2002 11:57 PM
To: satlug at satlug.org
Subject: Re: [SATLUG] 'Router' box with multiple gateways?
Cisco is a very good router (spell that expensive) and according to
bugtraq has a number of well known vulnerabilities.
> > On the other hand, I can tell you how the 'large' companies do it --
> > with commercial routers (Cisco usually). I have set up Cisco routers
> > to do this specific task in the past. It's actually a fairly common and
> > easy task to do with Cisco routers. The specific configuration
> > would depend on how you want to set up your inbound/outbound traffic.
> > Some of the choices would be:
> > 1) Use one ISP as primary and the other as backup.
> > 2) Switch back and forth between ISPs periodically.
> > 3) Use one ISP unless his network becomes congested and then switch to
> > the other.
> > 4) Use one ISP for traffic to certain location(s) and the other ISP for
> > all other.
> > 5) Use both ISPs simultaneously with a certain percentage of traffic
> > through one and the rest through the other.
> > 6) Use both ISPs simultaneously (balanced) with return traffic following
> > the same outbound path.
> > 7) Use both ISPs simultaneously with outbound traffic through one and
> > return traffic through the other.
> > 8) Use both ISPs simultaneously with outwards initiated traffic through
> > one and inwards initiated connections through the other.
> > And a few other options.
> >
> > A side benefit of using a Cisco router for the job would be the ability
> > to run the Cisco Firewall feature set on the router. It doesn't make
> > the router a true 'firewall', but it does a pretty good job of
> > protection. And of course, that is part of the industry standard idea
> > of 'layered protection' (in fact, using edge routers for some protection
> > is ALWAYS advised). If you have a small location and bandwidth need,
> > start out with the smallish and inexpensive Cisco 2600 series router.
> > Grow from there up through the 12000 series that can switch/route OC-192
> > (10Gigabyte) links.
> >
> > And no, I don't work for Cisco (any more at least). They just produce
> > the best routers there are. Not hard to conclude when you learn that
> > 82% of the Internet backbone equipment and 90+% of corporate network
> > equipment is Cisco!
> >
> > Chuck
> >
> >
> >
> >
> > -----Original Message-----
> > From: satlug-admin at satlug.org [mailto:satlug-admin at satlug.org] On Behalf
> > Of David Salisbury
> > Sent: Thursday, July 25, 2002 4:45 PM
> > To: satlug at satlug.org
> > Subject: [SATLUG] "Router" box with multiple gateways?
> >
> >
> > Howdy all,
> >
> > I've been proposed a situation, and I'm not quite exactly sure *if* it
> > can work (although I'm sure with Linux it can), or more importantly,
> > *how* it can work. Basically, what we'd like to set up is a Linux box
> > acting as a router/firewall (which I've done before).... but instead of
> > it having just 2 NICs, one for the outer interface and one for the
> > inner interface, having 2 or more outer interfaces that go to multiple
> > ISPs that will allow for redundancy in case one of the connections goes
> > down. I've never done this before, but it seems you could accomplish
> > something like this by using multiple gateways on the router/firewall
> > box. The goal is to have an internet connection that seemingly never
> > goes down, because if one connection goes down the other one sort of
> > "takes its place". Is this feasible to do, or does anyone have any
> > ideas or links? I'm really not even quite sure how larger companies
> > handle this problem, because I know losing an internet connection for a
> > large company could be real bad news, so I'm sure they have some sort of
> > contingency....
> >
> > <taking a breath>
> >
> > Sorry for the long paragraph, but any help would be GREATLY
> > appreciated!
> >
> > David Salisbury
> >
> >
> > _______________________________________________
> > Satlug mailing list
> > Satlug at satlug.org
> > http://alamo.satlug.org/mailman/listinfo/satlug