Re: [fw-wiz] How automate firewall tests

Patrick M. Hausen wrote:
> Blocking ICMP completely breaks PMTUD.

Oh, THAT again.

You've got it backwards. PMTUD is already broken; blocking ICMP simply
makes that breakage apparent.

When standards bodies deliberately standardize feature-sets that they
are informed in advance are going to cause security problems, this is what you get.
There was a time when a lot of the "internet pioneers" felt that firewalls were "evil"
and that security interfered with the correct operation of the Internet ("information
must be free!"). That agenda resulted in some weird collisions with
objective reality. I recall a time when lots of "internet pioneers" would go around
saying stuff like "When IPv6 is here and nobody needs firewalls anymore..."
or "Router ACLs are good enough." etc. And people wonder why the
Internet protocol stack looks like it was cobbled together by a committee
of amateurs and prima donnas: it was.


firewall-wizards mailing list
