Wireless insecurity at NANOG meetings

How about just plainly blocking the most obvious holes, that is
telnet and POP? If someone wants a direct telnet connection to a
route server or something similar - open a hole with a web-based tool?
Ok, then you say all unencrypted www traffic with plain username/pw..
SSH'ing everything back to home base is quite useful :)


Configure hogwash (an evil snort hack which RSTs connections that match
snort IDS rules) and create rules for unencrypted pop login, telnet login,
web login things. That way you don't disturb encrypted versions on the
same port numbers..

.. such for-your-own-good could be done by anyone on the wire vigilante
style, not that anyone would endorse that (you're likely to screw up the
rules and fry the network) ..
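
The content-matching idea in the reply above, as an added example that is not part of the original thread and is not hogwash or snort rule syntax: a Python sketch that flags cleartext POP, telnet and web logins by payload content while leaving TLS records on the same ports alone. The rule names, regexes, ports and sample segments are assumptions constructed for illustration.

```python
import re

# (rule name, server port, payload pattern) -- constructed for this example.
CLEARTEXT_RULES = [
    ("pop3-cleartext-login", 110, re.compile(rb"^(USER|PASS) \S+\r?\n", re.I)),
    ("telnet-login-prompt", 23, re.compile(rb"(login|password): ?$", re.I)),
    ("http-basic-auth", 80,
     re.compile(rb"^Authorization:\s*Basic\s+\S+", re.I | re.M)),
    ("http-form-password", 80,
     re.compile(rb"(^|[&\r\n])(pass(word|wd)?|pw)=[^&\s]+", re.I)),
]

def looks_like_tls(payload: bytes) -> bool:
    """TLS record header: content type 0x14-0x17, then major version 0x03."""
    return len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03

def classify(server_port: int, payload: bytes):
    """Return the matching rule name, or None when the segment is left alone.

    Matching is on content, not just port, so an encrypted session on the
    same port number (for example POP3 after STLS) never triggers a rule.
    """
    if looks_like_tls(payload):
        return None
    for name, port, pattern in CLEARTEXT_RULES:
        if port == server_port and pattern.search(payload):
            return name
    return None

# Constructed sample segments: (server port, first bytes of the TCP payload).
SAMPLES = [
    (110, b"USER alice\r\n"),
    (110, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x01"),  # TLS handshake
    (23, b"\r\nlogin: "),
    (80, b"GET /mail HTTP/1.0\r\nAuthorization: Basic ZGVtbzpkZW1v\r\n\r\n"),
    (80, b"POST /login HTTP/1.0\r\n\r\nuser=alice&password=example"),
    (80, b"GET /index.html HTTP/1.0\r\n\r\n"),
]

def scan(samples=SAMPLES):
    """Classify each sample; the result list is parallel to the input."""
    return [classify(port, payload) for port, payload in samples]

if __name__ == "__main__":
    for (port, _), verdict in zip(SAMPLES, scan()):
        print(port, verdict or "no match")
```
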