[2230] in bugtraq
Re: Livingston bugs...
daemon@ATHENA.MIT.EDU (Mike A Lyons)
Tue Sep 12 17:21:45 1995
Date: Tue, 12 Sep 1995 14:02:41 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Mike A Lyons <lyonsm@netbistro.com>
X-To: Jay 'Whip' Grizzard <elfchief@lupine.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199509121758.KAA21904@lupine.org>

On Tue, 12 Sep 1995, Jay 'Whip' Grizzard wrote:
> ObBugTraq: Apparently (at least, under limited testing), putting up a filter
> to prevent folks from getting to your login port from the outside world
> will protect you -- Except I don't _want_ to have to start filtering things
> out, and in some circumstances (backbone routers, etc), it's not exactly
> a viable option. Do YOU want to have the bandwidth of several T1's all
> running through a filter before they get off the router? No, thanks...

Unless you can cite any actual benchmarks that demonstrate measurably
lower throughput when filters are in use I would be inclined to dismiss
this particular objection as uninformed speculation. Packet filtering
based on specific, concisely encoded rules is a relatively old and fairly
well understood problem, and I doubt the additional overhead would be
significant at even the T1 level.. especially for a filter as simple as
Livingston's recommended work-around.

If you are having trouble setting up your filters (it's well known that
that section of the manual is clear as mud) querying Livingston technical
support, or the portmaster-users mailing list, would likely be of more
help to you and the rest of the world than spreading misinformation.