[134616] in North American Network Operators' Group


Re: IPv6 - real vs theoretical problems

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Jan 7 20:07:26 2011

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: Nanog Operators' Group <nanog@nanog.org>
Date: Sat, 8 Jan 2011 01:06:56 +0000
In-Reply-To: <70A7A45E-6685-4584-BA71-8B25F0EA09BF@delong.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 8, 2011, at 5:44 AM, Owen DeLong wrote:

> You say dogma, I say mythology.

Concur 100%.

> Stateful inspection provides security.

To clarify, stateful inspection only provides security in a context
where there's state to inspect - i.e., at the southernmost end of access
networks, directly in front of machines which are serving as client
workstations.

In all other contexts, such as in front of servers and in the middle of
access networks, stateful inspection has no security benefit whatsoever,
and is actually quite harmful, with a hugely negative effect on security.

;>

------------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

			  -- Alan Kay


