[120887] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Mark Smith)
Tue Jan 5 18:39:37 2010
Date: Wed, 6 Jan 2010 10:08:43 +1030
From: Mark Smith <nanog@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org>
To: Tony Finch <dot@dotat.at>
In-Reply-To: <alpine.LSU.2.00.1001052049110.3461@hermes-1.csi.cam.ac.uk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, 5 Jan 2010 20:51:47 +0000
Tony Finch <dot@dotat.at> wrote:
> On Tue, 5 Jan 2010, Brian Johnson wrote:
> >
> > Given this information, and not prejudging any responses, exactly what
> > is a firewall for and when is statefull inspection useful?
>
> Stateful inspection is useful for breaking things in subtle and
> hard-to-debug ways.
> http://fanf.livejournal.com/102206.html
> http://fanf.livejournal.com/95831.html
>
Your second article (with the pointer to "end-to-end arguments in
systems design") reminded me of this thread that came up on the Linux
networking development mailing list recently. TCP was flaking out, but
if the same traffic was tunnelled over the same connection, all was
good.
Strange TCP behavior over HSDPA
http://www.spinics.net/lists/netdev/msg116809.html
> Tony.
> --
> f.anthony.n.finch <dot@dotat.at> http://dotat.at/
> GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
> MODERATE OR GOOD.
>
