Re: [fw-wiz] A fun smackdown...

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 05/21/05

  • Next message: Jeremiah Cornelius: "RE: [fw-wiz] A fun smackdown..."
    To: "Paul D. Robertson" <paul@compuwar.net>, Chuck Swiger <chuck@codefab.com>
    Date: Fri, 20 May 2005 22:02:50 -0400
    
    

    >> How about excessive ICMP filtering breaking path MTU discovery?

    Another perfect example of a bunch of egg-heads in the IETF
    coming up with a mechanism for doing something that
    completely ignored existing implementations of security
    systems - and breaks as a result. The PMTU discovery
    mechanism, using ICMP, was moronic design from the get-go.

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

