[146529] in North American Network Operators' Group
Re: Arguing against using public IP space
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Nov 15 12:11:49 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <201111151554.pAFFsoWL092906@aurora.sol.net>
Date: Tue, 15 Nov 2011 09:08:07 -0800
To: Joe Greco <jgreco@ns.sol.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>,
McCall Gabriel <Gabriel.McCall@thyssenkrupp.com>
On Nov 15, 2011, at 7:54 AM, Joe Greco wrote:
>> If you put a router where you needed a firewall, then, this is not a
>> failure of the firewall, but, a failure of the network implementor and
>> the address space will not have any impact whatsoever on your lack of
>> security.
>
> And the difference between a router and a firewall is ...?
>
> Apparently, one bit.

IMHO, a firewall does not route packets by default, but, rather only forwards
those packets which match configured policies.

A router, OTOH, routes packets by default, but, may be configured with some
policy about which packets to forward.

The difference functionally is what happens when the configuration is
lost or corrupted. Essentially fail open vs. fail closed.

Owen
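
The fail-open vs. fail-closed distinction drawn in the message above, modeled as an added example that is not part of the original message or thread. The policy syntax, the `Device`, `router` and `firewall` names, and the choice to discard all rules when the configuration fails to parse are assumptions made for illustration; the configurations and addresses are constructed samples.

```python
import ipaddress

def parse_policy(text):
    """Parse lines such as 'permit 192.0.2.0/24 443'; raise ValueError on a bad line."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, src, dport = line.split()          # wrong field count -> ValueError
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        rules.append((action, ipaddress.ip_network(src), int(dport)))
    return rules

class Device:
    """Hypothetical forwarding device; default_forward is the 'one bit'."""
    def __init__(self, default_forward, config_text):
        self.default_forward = default_forward
        try:
            self.rules = parse_policy(config_text) if config_text is not None else []
        except ValueError:
            self.rules = []                        # corrupted config: no policy survives

    def forwards(self, src, dport):
        addr = ipaddress.ip_address(src)
        for action, net, port in self.rules:
            if addr in net and dport == port:
                return action == "permit"
        return self.default_forward                # only reached when no rule matched

def router(config_text):   return Device(True, config_text)    # routes by default
def firewall(config_text): return Device(False, config_text)   # drops by default

# Constructed sample configurations: one intact, one cut off mid-line.
GOOD = "permit 192.0.2.0/24 443\ndeny 0.0.0.0/0 22\n"
TRUNCATED = "permit 192.0.2.0/24 443\ndeny 0.0.0"

def outcomes(config_text):
    """Forwarding decisions for two constructed probes on both device types."""
    probes = [("192.0.2.10", 443), ("198.51.100.7", 22)]
    return {name: [make(config_text).forwards(s, p) for s, p in probes]
            for name, make in (("router", router), ("firewall", firewall))}

if __name__ == "__main__":
    for label, cfg in (("intact", GOOD), ("truncated", TRUNCATED), ("lost", None)):
        print(label, outcomes(cfg))
```

With the intact configuration both devices make identical decisions; they diverge only once the configuration is truncated or missing.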