[121209] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Tim Durack)
Wed Jan 13 10:25:32 2010
In-Reply-To: <29A54911243620478FF59F00EBB12F4701BFF4A0@ex01.drtel.lan>
Date: Wed, 13 Jan 2010 10:24:41 -0500
From: Tim Durack <tdurack@gmail.com>
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Lots of interesting technical information in this thread. Mixed with a
healthy dose of religion/politics :-)
I suspect that most people are going to keep doing what they are doing.
In our environment, at the transport level, we have moved from
stateful towards stateless, as it has proved to be operationally
simpler and more resilient. At the same time some of our application
people have seen the need to put their servers behind stateful "Layer
7" firewalls (I say why stop at Layer 7?)
Here is a thought experiment:
Replace all the routers on the Internet with stateful firewalls. What happens?
Replace all the stateful firewalls on the Internet with stateless
packet filters. What is the result?
--
Tim:>
Sent from Brooklyn, NY, United States
