[145162] in North American Network Operators' Group
Re: Synology Disk DS211J
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Fri Sep 30 00:19:03 2011
Date: Fri, 30 Sep 2011 04:14:39 +0000
From: bmanning@vacation.karoshi.com
To: Joel jaeggli <joelja@bogus.com>
In-Reply-To: <4E852502.9070007@bogus.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Sep 29, 2011 at 07:10:10PM -0700, Joel jaeggli wrote:
> On 9/29/11 17:46 , Robert Bonomi wrote:
> >> From: Nathan Eisenberg <nathan@atlasnetworks.us>
> >> Subject: RE: Synology Disk DS211J
> >> Date: Thu, 29 Sep 2011 21:58:23 +0000
> >>
> >>> And this is why the prudent home admin runs a firewall device he or she
> >>> can trust, and has a "default deny" rule in place even for outgoing
> >>> connections.
> >>>
> >>> - Matt
> >>>
> >>>
> >>
> >> The prudent home admin has a default deny rule for outgoing HTTP to port
> >> 80? I doubt it.
> >>
> >
> > No, the prudent nd knowledgable prudent home admin does not have default deny
> > rule just for outgoing HTTP to port 80.
> >
> > He has a defult deny rule for _everything_. Every internal source address,
> > and every destination port. Then he pokes holes in that 'deny everything'
> > for specific machines to make the kinds of external connections that _they_
> > need to make.
>
> Tell me how that flys with the customers in your household...
>
They are freeloaders, not customers. If they -PAID-
for service, then it would be a different conversation.
/bill
