Re: [fw-wiz] Inspecting routers
From: Ng Pheng Siong (ngps@netmemetic.com)
Date: 11/26/02
- In reply to: Kyle R. Hofmann: "Re: [fw-wiz] Inspecting routers"
From: Ng Pheng Siong <ngps@netmemetic.com>
To: "Kyle R. Hofmann" <krh@lemniscate.net>
Date: Tue Nov 26 10:27:18 2002

On Mon, Nov 25, 2002 at 05:22:57PM -0800, Kyle R. Hofmann wrote:
> On Mon, 25 Nov 2002 18:20:49 +0100, Lorens Kockum wrote:
> > You said only 80 and 443, that's incoming, can the webservers
> > initiate connections to the outside? If they can, stateful
> > filtering on the external router could maybe be a good idea.
>
> Even if they can, should they? I can't think of a compelling reason for them
> to be initiating connections to the outside world, but I don't know how
> they're set up.

One example is a web application that "aggregates content" available
elsewhere, say, raw data feed sold by Reuters and the like.

The alternative to web or application servers connecting outwards is some
kind of multi-tier architecture with fancy routing and firewalling to suck
such data from somewhere else and pump them into the web farm, typically
thru some mega-buck "content management" system. I've seen such attempts -
mind-boggling, they are.

Ahh, those dot.com days...

-- 
Ng Pheng Siong <ngps@netmemetic.com> * http://www.netmemetic.com