Re: Why you have hardware firewalls

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 04/06/05


Date: Wed, 06 Apr 2005 15:01:54 -0500

In article <d2vk0u$ipo$1@cauldron.broomstick.com>, Arthur Hagen wrote:

>That seems like tossing the baby out with the bath water. I'm sure you're
>going to curse your decision the next time you need to download an Asus BIOS
>from Taiwan, or access BBC World News, or something else :-)

As you know, a very standard rule of thumb is that if you are not offering
a service, the port is closed. This also applies to countries or regions.
If your company has no plans to offer their product/service to this or
that place/entity, then not accepting a connection is a reasonable decision.
Where my wife works, they sell product to the USA and Mexico, and to reduce
the spam problem, the network admin has a quite restrictive set of firewall
rules. Heck, I know he's even blocked two major ISPs in Canada.

But think about this again - my home network offers absolutely NO services
to ANYONE. But the rules that deny all new incoming connections don't
prevent me from hitting www.asus.com (which for me, resolves to a CERFnet
address in the USA) or www.asus.com.tw (211.72.249.196) or to
www.bbc.com (212.58.240.32) or www.bbc.co.uk which is a nickname for
www.bbc.net.uk (212.58.240.111). I don't know what you might be using
as a firewall, but surely it can block inbound packets with a SYN flag
without an ACK flag set. There really are several networks that my
upstream has set null routes for us, but it's comparatively few, and they
are there for extreme abuse.

        Old guy
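
The flag test mentioned in the post (refuse inbound packets with SYN set and ACK clear), as an added example that is not part of the original post. It shows why such a rule stops new inbound connections while replies to outbound ones still arrive; all function names, ports and packets are constructed for illustration.

```python
import struct

# TCP flag bits, carried in byte 13 of the TCP header (RFC 793)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a minimal 20-byte TCP header (constructed sample input)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 65535, 0, 0)

def parse_flags(segment):
    """Return the flag bits of a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F

def is_new_connection(segment):
    """True for a connection-opening segment: SYN set, ACK clear."""
    flags = parse_flags(segment)
    return bool(flags & SYN) and not (flags & ACK)

def filter_inbound(segment):
    """Stateless inbound policy: refuse only connection-opening segments."""
    try:
        return "DROP" if is_new_connection(segment) else "ACCEPT"
    except ValueError:
        return "DROP"  # malformed header: fail closed

# Constructed inbound segments as seen by a host that offers no services.
SAMPLES = [
    ("unsolicited SYN to local port 22", tcp_header(40000, 22, SYN)),
    ("SYN+ACK reply from a web server", tcp_header(80, 40001, SYN | ACK)),
    ("data segment on that connection", tcp_header(80, 40001, ACK | PSH)),
    ("close of that connection", tcp_header(80, 40001, FIN | ACK)),
]

def evaluate(samples=SAMPLES):
    """Apply the inbound policy to each sample; return (label, verdict) pairs."""
    return [(label, filter_inbound(seg)) for label, seg in samples]

if __name__ == "__main__":
    for label, verdict in evaluate():
        print(f"{verdict:6}  {label}")
```

A flag test like this is stateless, so it also accepts an ACK segment that belongs to no existing connection; a filter with connection tracking is needed to reject those.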


