On Fri, Jan 27, 2012 at 3:32 PM, Jon Lewis <jle...@lewis.org> wrote: > On Fri, 27 Jan 2012, Christopher Morrow wrote: > >> lots of folks still use it yes. is it helpful? maybe? maybe not? is >> this peering over a shared media (like a 10base-T hub). >> >> You might point out that you'll be enabling this, then promptly >> writing the 'secret' on a large whiteboard in your noc... because >> chances are the config won't include it in rancid and ... you don't >> have a place to store these securely that's not prone also to outages >> :( >> >> also, customers wander through your NOC, so... > > > All that may be true, but still, the random hacker in Romania who wants in > on their BGP session won't know the secret...probably.
1) that person doesn't exist 2) they need a LOT more info about what's going on anyway 3) I bet they will get a copy of the config from at least: a) vendor data sources b) ebay purchases of gear c) pwning a noc-worker and getting things done from there. There are far better ways to skin this cat.
