Hi, Sylvain.
Thank you for all the follow-up documentation. I definitely agree that using the *_ANY option allows for downgrade attacks and makes security weak/non-existent. But that's the trouble with having to support legacy while also trying to push ahead, isn't it?
> It was enough for what I needed though, this is why I added it, I only wanted
> to prevent anyone from sending valid command packets to our equipment just by
> knowing its IP address. If someone breaks encryption and sends the packet which
> we avoided being received, then we will "Actually, I'm not even mad, that's
> amazing" [5] :-)
That's the same reason I'd like to use it -- and the same "kudos to you for hacking in". I'm more interested in preventing the casual "hacker", rather than trying to prevent the next infrastructure take-down. :-)
-- G