[70536] in North American Network Operators' Group
Re: Barracuda Networks Spam Firewall
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue May 18 16:08:41 2004
To: "Christopher X. Candreva" <chris@westnet.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 18 May 2004 15:48:28 EDT."
<Pine.GSO.4.60.0405181546240.13506@westnet.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 18 May 2004 16:05:02 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1188338380P
Content-Type: text/plain; charset=us-ascii
On Tue, 18 May 2004 15:48:28 EDT, "Christopher X. Candreva" <chris@westnet.com> said:
> What would your auditor think about your secondary MX being used as a DOS
> amplifier because it sends out thousands of bogus bounces to forged
> addresses ?
You're missing the main point - that sometimes things are done in ways that are
sub-optimal or even pessimal from the technical standpoint, because some other
consideration interferes. Yes, it *would* be nice if everybody in the world
was able to DTRT on their outward-facing gateway and send back an immediate 550
on a RCPT TO: in order to stop stuff right up front. However, this implies
getting buy-in and resources of all the appropriate people.
I'm sure *everybody* has had at least one Good Idea either totally shot down or
mutated beyond recognition because it wouldn't pass auditors (either internal
or external), or because it involved purchasing from Company X because X is the
only one with the feature support, but you'll never get that purchase order
approved by the "it must be Company Y gear" manager, or because deploying it
would involve getting buy-in from somebody in applications development, and
they don't understand why the urgency on this new feature you need them to
add...
--==_Exmh_1188338380P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAqmxucC3lWbTT17ARAlDIAKDTi98Cv3mfuhwvvMJ+aP5K2w0sigCdGMUk
mtJ/nUMfxBboNk6dSn0bksI=
=m2zT
-----END PGP SIGNATURE-----
--==_Exmh_1188338380P--
