[56047] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Re: [Re: M$SQL cleanup incentives]]

daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Sat Feb 22 11:49:23 2003

Date: Sat, 22 Feb 2003 11:47:24 -0500 (EST)
From: alex@yuriev.com
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0302220157380.30478-100000@www.everquick.net>
Errors-To: owner-nanog-outgoing@merit.edu


> BB> DNS clients will eventually timeout and fall back to another
> BB> server, so any problems would be transient, but the packets
> BB> were legit, right?
> 
> Stateful packet filters are nice.  Properly written, they protect
> both inbound and outbound traffic and need to track very little
> state.

Stateful packet filtering by C sitting between A and B is fallacy since in
order for C to make an intelligent decision it may need to know the details
of every possible communication protocol used by A and B. 

Alex


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[56047] in North American Network Operators' Group

Re: [Re: [Re: M$SQL cleanup incentives]]

daemon@ATHENA.MIT.EDU (alex@yuriev.com)Sat Feb 22 11:49:23 2003

daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Sat Feb 22 11:49:23 2003