On Sun, Mar 19, 2000 at 09:14:37PM +0000, Steve Dodd wrote:
> On Sun, Mar 19, 2000 at 09:22:18PM +0100, Lars Marowsky-Bree wrote:
> > On 2000-03-17T17:50:56,
> > "Christopher E. Brown" <[EMAIL PROTECTED]> said:
> > > Sure, it protects you from SYN attacks, but it is a stateful
> > > device, and evil.
> > Stateful filtering is generally considered a good thing.
> But stateful routers aren't. Excuse me while I blunder around in your machine
> room and trip over the power lead to your router <g>
And that has what to do with the price of tea in china?
Stateful filtering in routers, firewalls, or host interfaces is
almost certainly a good thing considering the insecurity of most of the
alternatives. The secure alternative on a firewall would be proxies.
Secure, yes, but a dubious performance hog at the very least... And excuse
me while I blunder around in your machine room and trip over the power
lead to your [proxy firewall of choice]. The comment was inane. What would
you be doing blundering around in my machine room and what would be my excuse
for not beating the living $#@$@# out of you while people reestablish their
connections (I doubt they would notice the difference considering how often
the Internet hickups for one reason or another). The alternative is
no stateful intelligence in your access control at all and that is most
certainly a BAD thing...
> --
> "Love is a snowmobile racing across the tundra and then suddenly it
> flips over, pinning you underneath. At night, the ice weasels come."
> -- Matt Groening
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
