On 2012-03-14 18:11, Cameron Byrne wrote:
> On Tue, Mar 13, 2012 at 8:29 PM, Ashok Narayanan <ash...@cisco.com> wrote:
>> On Mar 13, 2012, at 3/13 9:16 PM, Cameron Byrne wrote:
>>
>>> That's reality, and much as I love the e2e principle I think the ordinary
>>> citizen is better off behind default-deny.
>>>
>> I am not trying to be dense, but why?
>>
>> What is the negative scenario of not having a homenet firewall on? Using
>> real examples from the last 5 years .... I would like to know how a cpe
>> firewall protects against real threats to modern software.
>>
>> It seems hard to predict a priori what a "real threat" is going to be. And
>> it seems unlikely that "modern software" is all that will be found in
>> average homes. For example, will the Android version on the refrigerator
>> display be updated?
>>
>
> Agreed about a priori. BUT! what else do we have to go on? I am
> asking for a baseline to justify why a CPE firewall is required. In
> fact, i have asked for it multiple times on this thread, and all i get
> back is anecdotal hand waving, not technical reasons.
>
> Putting the E back in IETF, let's see some data about why this
> function of the system must exist.
>
> My cursory research says you are not going to be able to present a
> convincing amount of data to support the fact that a stateful
> inspection firewall should be applied in a contemporary home
> environment. I believe the spirit of Homenet is moving the internet
> forward without being beholden to the Morris worm and X.25

Fred and I provided factual but local evidence of background radiation
of unwanted UDP packets. Actually there is a lot more systematic evidence
of this too. For example, this week at the PAM conference in Vienna
there's a paper "One-way traffic monitoring with iatmon" by Nevil Brownlee
that gives a detailed analysis of observed unwanted traffic, both UDP
and TCP SYN. See
http://www.caida.org/publications/papers/2012/one_way_traffic_iatmon/

Can you assert that all low-end homenet devices will be internally
protected against such traffic?

Bian