[146532] in North American Network Operators' Group


Re: Arguing against using public IP space

daemon@ATHENA.MIT.EDU (Leigh Porter)
Tue Nov 15 12:16:18 2011

From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Chuck Church <chuckchurch@gmail.com>
Date: Tue, 15 Nov 2011 17:16:23 +0000
In-Reply-To: <001a01cca3a5$5efa1200$1cee3600$@com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Quite right. I bet all Iran's nuclear facilities have air gaps but they let people in with laptops and USB sticks.

-- 
Leigh


On 15 Nov 2011, at 14:48, "Chuck Church" <chuckchurch@gmail.com> wrote:

> -----Original Message-----
> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> Sent: Tuesday, November 15, 2011 9:17 AM
> To: Leigh Porter
> Cc: nanog@nanog.org; McCall, Gabriel
> Subject: Re: Arguing against using public IP space
>
>> And this is totally overlooking the fact that the vast majority of
>> *actual* attacks these days are web-based drive-bys and similar things
>> that most firewalls are configured to pass through.  Think about it - if a
>> NAT'ed firewall provides any real protection against real attacks, why are
>> there still so many zombied systems out there?  I mean, Windows
>> Firewall has been shipping with inbound "default deny" since XP SP2 or so.
>> How many years ago was that?
>
> Simple explanation is that most firewall rules are written to trust traffic
> initiated by 'inside' (your users), and the return traffic gets trusted as
> well.  This applies to both Windows' own FW, and most hardware based
> firewalls.  And NAT/PAT devices too.  There's nothing more dangerous than a
> user with a web browser.  Honestly, FWs will keep out attacks initiated from
> outside.  But for traffic permitted or initiated by the inside, IPS is the only
> way to go.
>
> Chuck
>

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
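Chuck's point above, that an inbound default-deny firewall still hands the inside host whatever its browser asked for, shown as a small Python simulation. This is an added example and not code from the thread: a toy stateful filter with a connection table is fed a constructed packet trace (an unsolicited inbound SYN, a client-initiated HTTP fetch, and the reply to that fetch carrying a made-up drive-by payload), with an optional hypothetical content check standing in for the IPS Chuck mentions. All addresses, ports and payloads are constructed.

```python
"""Toy stateful packet filter: inbound default deny, inside-initiated trusted.

Added example (not from the NANOG thread). Shows why a NAT/stateful firewall
does not stop a web drive-by: the payload arrives on a connection that the
inside host opened itself, so the state table lets it straight through.
"""
import ipaddress
from dataclasses import dataclass

# Constructed RFC 1918 inside network (assumption for this example).
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # "S" = SYN, "PA" = PSH/ACK data segment
    payload: bytes = b""


def is_inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE_NET


class StatefulFirewall:
    """Policy: allow anything initiated from inside and remember the flow;
    allow inbound packets that match a remembered flow (ESTABLISHED);
    drop every other inbound packet (default deny)."""

    def __init__(self, ips=None):
        # Connection table keyed by (inside_ip, inside_port, outside_ip, outside_port).
        self.conntrack = set()
        # Optional content-inspection callback; returns True to block a payload.
        self.ips = ips

    def filter(self, pkt: Packet) -> str:
        if is_inside(pkt.src):
            # Inside-initiated traffic is trusted, and the flow is recorded so
            # that the return packets are let back in.
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conntrack:
            # Return traffic for a flow the inside opened: the firewall itself
            # has no reason to drop it. Only a content check (IPS) can.
            if self.ips is not None and self.ips(pkt.payload):
                return "DROP (IPS)"
            return "ALLOW"
        # Unsolicited inbound packet: default deny.
        return "DROP"


# Constructed trace: an outside scanner probes SMB, then the inside user's
# browser fetches a page from a hostile server, which answers with the payload.
SCAN = Packet("203.0.113.9", 40000, "10.0.0.5", 445, "S")
FETCH = Packet("10.0.0.5", 51000, "198.51.100.7", 80, "S")
DRIVE_BY = Packet("198.51.100.7", 80, "10.0.0.5", 51000, "PA",
                  payload=b'HTTP/1.1 200 OK\r\n\r\n<script src="evil.js"></script>')


def naive_ips(payload: bytes) -> bool:
    """Hypothetical signature check standing in for an IPS (constructed match)."""
    return b"evil.js" in payload


def run_scenario(ips=None) -> list:
    """Run the constructed trace through a fresh firewall; return the verdicts."""
    fw = StatefulFirewall(ips)
    return [fw.filter(p) for p in (SCAN, FETCH, DRIVE_BY)]


if __name__ == "__main__":
    print(run_scenario())           # ['DROP', 'ALLOW', 'ALLOW']: payload gets in
    print(run_scenario(naive_ips))  # ['DROP', 'ALLOW', 'DROP (IPS)']
```

The first run is the situation Valdis and Chuck describe: the scanner's SYN is dropped by default deny, but the drive-by response is allowed because it matches the flow the browser opened. The second run only differs in the content hook, which is the part a stateful firewall or NAT box does not have.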

