[fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 08/26/03

  • Next message: Paul Robertson: "[fw-wiz] [Off topic][Humor?]"
    To: Bret Watson <lists@ticm.com>, Bartek Krajnik <bartek@bicom.pl>, firewall-wizards@honor.icsalabs.com
    Date: Tue, 26 Aug 2003 17:07:46 -0400
    
    

    Bret Watson wrote:
    >A better solution is this..
    >
    >in the DMZ place a H323 gatekeeper with routed proxying turned on, restrict the port ranges to the number of simultaneous connections you expect to receive..

    Y'know, I think I must just be "retro" but I think there's no how, no way
    that netmeeting has any business entering or exiting a mission-critical
    network. I.e.: if it's worth firewalling, it's best to not allow this kind of
    stuff at all. Of course the users will scream. But they will always
    scream anyhow. How long will it be before someone writes a worm
    that uses it? Then everyone'll be scrambling for a "solution" to the
    problem once the horse has left the barn. There's a "solution" for
    this crud and that's not to run the risk in the first place...

    Sorry - I'm feeling extremely curmudgeonly today. In my inbox I had
    *5* reports of mission-critical networks that were taken down by
    various worms in the last week. Why's that? On the surface, the
    answer is "RPC bug" but the REAL answer is "people should not
    be connecting mission-critical networks to the Internet - even with
    firewalls." A small handful of us have been singing this song quietly
    in the corner for about 12 years, now. Is anyone going to ever "get it"??

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

