to install ACL to
prevent the router itself being attacked.
John
-Original Message-
From: Rich MacVarish [mailto:[EMAIL PROTECTED]]
Sent: 31 January 2003 13:08
To: [EMAIL PROTECTED]
Subject: RE: Router Packet Filtering and Firewalls
Greetings,
RFC 1918 specifies the reserved private use networks
Of course it's better to have two layers of protection, even though the
first one is just a filtering router. The ISP's technical guys are just lazy
and they try to bullshit you. All they want to do is to ease their life,
having a non-standard configuration will require more administrative effort
Certainly a firewall can check for things that a router probably
doesn't have the memory and/or spare horsepower for. But there is
some traffic that is just simply obviously wrong, and the further
out from your core you can discard it, the less impact it can have
on your network and systems.
Your ISP is being dorkish in its approach. There is no question
whatsoever that packet filtering at the level of the border router
should be an adjunct to stateful inspection at the firewall level. At
the very least, router ACLs take some of the burden off of the firewall,
and will complement
In my opinion.. This is a great question..:)
The more the better is always the thought however when I configure such
scenarios I prefer to have their firewall do the blocking and leave the
router to do just routing (which it's best at anyways IMHO)
This way you have one place to gather
Hi Geoff,
It's your ISP not wanting the extra pain of a non-standard installation.
Having the router block incoming packets from your address block and those
addressed to your broadcast address means your firewall can spend its CPU
time dealing with trickier rules. If your company doesn't do
You are right on all accounts and fair play to you for battling with
them.
Yes they are more lazy than anything else and a preset configuration
naturally makes their life easier but that is not what you are paying
them for. Might I also suggest that you get a copy of the flash memory
with the
-Original Message-
From: Paul Stewart [mailto:[EMAIL PROTECTED]]
Sent: 30 January 2003 17:17
To: 'Geoff Shatz'; [EMAIL PROTECTED]
Subject: RE: Router Packet Filtering and Firewalls
In my opinion.. This is a great question..:)
The more the better is always