[120865] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Brielle Bruns)
Tue Jan 5 16:06:31 2010
Date: Tue, 05 Jan 2010 14:05:06 -0700
From: Brielle Bruns <bruns@2mbit.com>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <4B43A8A7.9030904@poggs.co.uk>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 1/5/10 2:01 PM, Peter Hicks wrote:
> Tony Finch wrote:
>
>> Stateful inspection is useful for breaking things in subtle and
>> hard-to-debug ways.
>>
>> http://fanf.livejournal.com/102206.html
>> http://fanf.livejournal.com/95831.html
>
> Is that really stateful inspection? Isn't the SMTP fixup on a PIX an
> application-level gateway?
>
> I *thought* most of the world turns SMTP fixup off because it's naff.
>
It is an ALG, and a completely braindead one at that. Nothing like
trying to figure out what an error message means when it's just...
XXX ******************************************************
The PIX's fixup for DNS packets has been causing issues on my end too
in one setup.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org