On Tue, 2006-06-20 at 13:49 +0530, Devdas Bhagat wrote:
Bleh. Filtering out nameservers is one way of using a proxy to block
traffic. You do run your own recursive resolvers anyway, right?

I do, but that was not the point. (see other email to Paul).

This isn't a bandaid. Oh, and if you really want to stop the problem,
why not just prevent the installation of the software in the first

Sometimes you don't have control over the computing environment when
people bring in their own devices (laptops etc). Your only option is to
block where you can, on your networking infrastructure. That's the case
in a surprisingly large number of shops, be it Universities or

(no, please no "prevent unauthorized devices to the network" debates.)

Firewalls _are_ bandaids. If software was written correctly, you
wouldn't need them in the first place.

It's not about software, it's about traffic flow.

My question would be, why aren't you running your own recursive resolver
in the first place? Why are your clients directly talking to the world?

Again, not the point, and I'm familiar with Marcus' rants about proxies.
I'm well aware of the myriad ways to tunnel out. Again, not the point.
The point was the lame response by an authority. (see email to Paul)


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

