[121287] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Bill Stewart)
Thu Jan 14 13:27:31 2010
In-Reply-To: <6BD6F623-E730-4FAE-8825-AE3293E2966A@kumari.net>
Date: Thu, 14 Jan 2010 10:26:32 -0800
From: Bill Stewart <nonobvious@gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Jan 13, 2010 at 9:37 PM, Warren Kumari <warren@kumari.net> wrote:
> I can now place a checkbox in the "Is there a firewall?" column of the
> <insert random acronym here> audit.
In most cases, you can check the same box if you use an appropriately
designed stateless firewall
instead of an inappropriate stateful firewall. (Not always, of course.)
And it will keep out some fraction of noise and anklebiters, and
optionally give you a place to hang limited intrusion detection,
without providing an easy path for attackers to crash your connection.
--
----
Thanks; Bill
Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
