From owner-freebsd-security Mon Jul 1 11:31:38 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA22009 for security-outgoing; Mon, 1 Jul 1996 11:31:38 -0700 (PDT) Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA21989 for ; Mon, 1 Jul 1996 11:31:32 -0700 (PDT) Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM) id AA09457; Mon, 1 Jul 1996 14:31:15 -0400 Date: Mon, 1 Jul 1996 14:31:15 -0400 From: Garrett Wollman Message-Id: <9607011831.AA09457@halloran-eldar.lcs.mit.edu> To: Brian Tao Cc: security@freebsd.org Subject: Is "routed -q" necessary? In-Reply-To: References: <199606302111.RAA23445@ulc199.residence.gatech.edu> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk < said: > run routed at all? I figured it might help keep the routing tables > down to a manageable size, with static and dynamic IP connections > coming and going all the time. The routing tables are already a manageable size; you don't need to do anything to them at all. (There is, however, a small nit as regards ICMP redirects which `routed' would deal with for you.) You can also run `routed' in ``router discovery'' mode if you so desire, although this doesn't completely exist as yet. Since this is the security list, I would point out that the -current routed(8) does not support RIPv2 security. It should, and I hope that the recently added key(4)/keyadmin(8) facility can be used to handle the key-management functions. (I should probably add a hook in /etc/rc to automatically load any statically-configured keys.) -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant