Re: outbound filtering
- From: "badgolferman" <REMOVETHISbadgolferman@xxxxxxxxx>
- Date: Tue, 26 Dec 2006 17:57:01 -0500
Sebastian Gottschalk, 12/26/2006,5:46:04 PM, wrote:
Jim Ford, 12/26/2006,3:32:22 PM, wrote:
He obviously knows a lot about security
Maybe not. If he really knew a lot about security he would be
willing to offer advise. I'd say he knows a lot about arrogance.
Actually this one rathers belongs much more to a meta discussion. Your
problem is not a concrete security problem, but the lack of concept
and knowledge. Offering concrete advise won't solve this more
And I've pointed out some concrete consequences of this problem:
- NAT routers aren't firewall or security devices.
- Monitoring connections doesn't require extensive packet filters with
state machines, but just standard operating system tools requesting
such information directly from the OS.
- Outbound filtering doesn't work. Never did, never will, beside the
wishes because it would be nice if it actually worked. And the reason
is inter-process communication, some feature that you wouldn't like
to miss either.
Thank you for the informative response.