Re: Telnet and FTP to Historic
Keith Moore <moore@network-heretics.com> Thu, 03 December 2020 21:03 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215083A0D76 for <ietf@ietfa.amsl.com>; Thu, 3 Dec 2020 13:03:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.918
X-Spam-Level:
X-Spam-Status: No, score=-1.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GdKPg2rkLNoz for <ietf@ietfa.amsl.com>; Thu, 3 Dec 2020 13:03:02 -0800 (PST)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6EC83A0D2F for <ietf@ietf.org>; Thu, 3 Dec 2020 13:02:59 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id D5AC5972; Thu, 3 Dec 2020 16:02:58 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Thu, 03 Dec 2020 16:02:59 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=TJP130 YideX5BV10VaDzAfxwKvTBOqOLb0xebfHjtMk=; b=eSSyGiNQTpcBL87KhwT1Mj B9hlsj/4Gm+HETmuhULKtvkjjetbQFVz34dK2kEcoglnk+VeOIeVFvaWw95YZvru ALyQaB8xu2200aRedfDklB2/pH7pMvMM8vbj4r6ixWbB2g7kv4gG5S/aKLX4Gb1F Emenz0tb+ylZ2GqtiWephHFb9UB5DIrQxRnk9vutn1gG4rHx/eI+Lb3NMHqZQJNk FG6gVVOSKYnnyu/uRgR5sR4K5NtQbfs30nJ5IRkssDPhV63+1O+xT3lUCECm6KAK EvB6l0CtIQoelykQC6uxYZBNcdjLz25YU8ddRW3LF0eFLItAnjGRCKclIFxvgOoA ==
X-ME-Sender: <xms:gVLJX_QhGYhOixRKbRs5sPtFVZMWbRTf4EEmElgh2Onl1jydHs-Q3w> <xme:gVLJXwzJGrT_9G7yk_0us9SSsjw0m02t2P23ZUarPXOvgHpT7Gj5GbWf9ucpzdB0J rHXP-YrEV_Asg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudeiiedgudegiecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefuvfhfhffkffgfgggjtgesrgdtreertdefjeenucfhrhhomhepmfgvihht hhcuofhoohhrvgcuoehmohhorhgvsehnvghtfihorhhkqdhhvghrvghtihgtshdrtghomh eqnecuggftrfgrthhtvghrnhepveefteduieegtdelvddvtddufeejjeffvdefteejieeu lefgtdfggedtffektedunecukfhppedutdekrddvvddurddukedtrdduheenucevlhhush htvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmohhorhgvsehnvght fihorhhkqdhhvghrvghtihgtshdrtghomh
X-ME-Proxy: <xmx:gVLJX026eHZfRev06xwtJjo4tzaqkq9JC6lb1jI4gdmDjJF6IwmBJQ> <xmx:gVLJX_Dsp7J6XXS_-8Arx-OswZrAUlmprOD9ewEg08v7FfNFH3v9Tg> <xmx:gVLJX4hG47lkdeXuKbE7-ka6bjkvQw-5lm6YiM6i_DOZWCWvcSeB8w> <xmx:glLJXztX6CczP99KCjzDq2OF-wFsNYVuBQqoMHlnB6lAbs8h-WzWdQ>
Received: from [192.168.1.85] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 9D163108005B; Thu, 3 Dec 2020 16:02:57 -0500 (EST)
Subject: Re: Telnet and FTP to Historic
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
References: <51d208a3-4cae-b69a-6ecc-d15f48c66b44@huitema.net> <06E7EB62-D6C2-4827-A241-8E276860C2B7@strayalpha.com> <6842e463-6fce-42e5-402c-acacabd9905b@huitema.net> <8cb5f679-ebc5-3107-1708-c4912b9222d4@network-heretics.com> <CAMm+LwhiDK-mxjzezGvAu5pRw0S1=7+vEi8NKYdBWAtmyW+dxA@mail.gmail.com>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <96b7c1b1-bf0f-65a7-f35e-9b0373318478@network-heretics.com>
Date: Thu, 03 Dec 2020 16:02:56 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <CAMm+LwhiDK-mxjzezGvAu5pRw0S1=7+vEi8NKYdBWAtmyW+dxA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------0AE1B784E9C70BFF01082DAB"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/hL50KNh8Qv9ACZ9zBFV6jZJdOCU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 21:03:12 -0000
On 12/3/20 3:45 PM, Phillip Hallam-Baker wrote: > > For that matter not even "air gapped" networks are really safe. > There's > almost always some laptop or other that occasionally connects to such > networks, and malware can creep in that way. > > > There are viable controls but they are very expensive. At VeriSign we > constructed a tier 6 SOC and kept the machines that perform offline > operations in a very pricey safe along with the HSMs (see the CPS > which documents all of that). Yes but this is a far cry from the typical "air gapped" LAN which is an Ethernet switch or WiFi access point that just doesn't happen to have an upstream link (most of the time). And for most sites the kinds of measures you employed at VeriSign (glad you did!), or really anything more than perhaps an extra lock on the gate or door, would be prohibitively expensive. I know of sites that are part of critical infrastructure, on concrete pads in the middle of nowhere, surrounded by a chain link fence (if that). The fence is just to keep the nearby cows out. Keith
- Two FTP issues John C Klensin
- Re: Two FTP issues Carsten Bormann
- Re: Two FTP issues John C Klensin
- Re: Two FTP issues Carsten Bormann
- Re: Two FTP issues John C Klensin
- Re: Two FTP issues Carsten Bormann
- Re: Two FTP issues John C Klensin
- Re: Two FTP issues Theodore Y. Ts'o
- Re: Two FTP issues Joseph Touch
- Re: Two FTP issues Salz, Rich
- Re: Two FTP issues Larry Masinter
- Re: Two non-FTP issues John Levine
- Re: Two non-FTP issues Keith Moore
- Re: Two FTP issues John C Klensin
- Telnet and FTP to Historic Phillip Hallam-Baker
- MIME sniffing Keith Moore
- Re: Telnet and FTP to Historic Keith Moore
- Re: MIME sniffing Julian Reschke
- Re: MIME sniffing Keith Moore
- Re: Telnet and FTP to Historic Adam Roach
- Re: Telnet and FTP to Historic Carsten Bormann
- Re: Telnet and FTP to Historic Michael Richardson
- Re: Telnet and FTP to Historic Carsten Bormann
- Re: Telnet and FTP to Historic Phillip Hallam-Baker
- Re: Telnet and FTP to Historic Michael Thomas
- Re: Telnet and FTP to Historic Scott O. Bradner
- Re: Telnet and FTP to Historic John C Klensin
- Re: Telnet and FTP to Historic Scott O. Bradner
- Re: Telnet and FTP to Historic Stephen Farrell
- Re: Telnet and FTP to Historic Mark Andrews
- Re: Telnet and FTP to Historic Stephen Farrell
- Re: Telnet and FTP to Historic Scott Bradner
- Re: Telnet and FTP to Historic Michael Richardson
- Re: Telnet and FTP to Historic Michael Richardson
- Re: Telnet and FTP to Historic Stephen Farrell
- Re: Telnet and FTP to Historic Jared Mauch
- Re: Telnet and FTP to Historic Mark Andrews
- Re: Telnet and FTP to Historic Phillip Hallam-Baker
- Re: Telnet and FTP to Historic John Levine
- Re: Telnet and FTP to Historic John C Klensin
- Re: Telnet and FTP to Historic Theodore Y. Ts'o
- Re: Telnet and FTP to Historic Christian Huitema
- Re: Telnet and FTP to Historic Joe Touch
- Re: Telnet and FTP to Historic Christian Huitema
- Re: Telnet and FTP to Historic Christian de Larrinaga
- Re: Telnet and FTP to Historic Masataka Ohta
- Re: Telnet and FTP to Historic Masataka Ohta
- Re: Telnet and FTP to Historic Dave Cridland
- Re: Telnet and FTP to Historic Nick Hilliard
- Re: Telnet and FTP to Historic Masataka Ohta
- Re: Telnet and FTP to Historic Masataka Ohta
- Re: Telnet and FTP to Historic IETF Sergeant at Arms
- Re: Telnet and FTP to Historic Christian de Larrinaga
- Re: Telnet and FTP to Historic Michael Richardson
- Re: Telnet and FTP to Historic Masataka Ohta
- Re: Telnet and FTP to Historic Masataka Ohta
- Re: Telnet and FTP to Historic Joe Touch
- Re: Telnet and FTP to Historic Keith Moore
- Re: Telnet and FTP to Historic Adam Roach
- Re: Telnet and FTP to Historic Christian Huitema
- Re: Telnet and FTP to Historic Keith Moore
- Re: Telnet and FTP to Historic Phillip Hallam-Baker
- Re: Telnet and FTP to Historic Keith Moore