Re: Port 113?



On Thu, 31 Aug 2006 13:31:40 GMT, Leythos <void@xxxxxxxxxxx> wrote:

In article <1157026267.212305.286630@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
q_q_anonymous@xxxxxxxxxxx says...
I think it's important to have both perspectives. But to say to a
technical geek expert 'you don't know, you're not a "professional",
because you're not 'in the industry' of setting up firewalls for
businesses, is just stupid.

Many people that teach and are not in the field have problems with this
statement: There is the right way, the wrong way, and the way it really
works.

Many people that don't have experience in multiple cases only see a
small scope of situations, or actually never see more than a couple
situations. Some of those people are ignorant enough to believe that
their scope and what they read is the definitive word in how it should
always be.

Many people that have built solutions in the real world, that have
proven to work, without a failure, without a breach, that keep
corporations all over the world up and running, feel they know it all.

There are a few people, and mostly a minority, that have enough
experience, have enough QA/Development time, have experienced many
solutions and products/platforms, that they get tired of the kiddies
claiming that they know the only right answer to everything.

I've seen hundreds of installations where a "technical" type set up a
firewall, you can pick the firewall platform/appliance, where they just
went by some training or document they found on the web, where there
were so many holes that it might as well not have been installed. I've
seen security instructors give bad information and methodology to
students. I've seen instructors do the one really bad example "We're
going to do it this way in class so that I can show you how it works,
but you should never do this in a client's network" - and then the kids
go out and all they remember is how it was done in class.


Been there already.

I don't claim to know everything but I have been doing this for a
really long time and I have seen all sorts claiming all sorts.

Last year I was in a CISSP class and the instructor who I originally
thought was OK turned out to be a moron. He and I got into an email
debate about encryption key lengths and it became clear to me he
really had no idea what he was talking about. I told our corporate
people to never ever hire this guy for a class again.

I have the impression that there are people in here that claim a lot of
things, that like to appear as authorities by spouting what the RFC's
suggest, that say nothing except their way is the right way, but, I also
get the idea that those same people have either never been in the real
world or are so far removed from it that the scope of what is real and
what they know is very small.

I read RFC's. I know some people who have their names on RFC's. Big
deal, vendors often do not adhere to the RFC's at all. My specialty
is IPSec and this was a nightmare of incompatibility several years
back (been to IPSec bake offs) because of companies not doing what the
RFC said and mostly, they didn't care.

You can take what I've written and throw it away, but it won't change
the fact that you can do many things, even things that the RFC's would
rather you not do, and life will still go on, your network will still
work, your client won't experience any problems, and your designs will
be safe.

I agree, ignore my comments, I really don't care. I was only trying
to point out how things are done in the corporate world of big
firewalls and big networks. My home net is designed just like our
corporate net. There is no good reason to respond to unsolicited
packets, do so if you want, I don't.

An expert is only an expert if his peers believe he's an expert. Any
expert that believes he's an expert is only fooling himself.

Agree 100%.