Re: outbound filtering

Sebastian Gottschalk, 12/26/2006,5:46:04 PM, wrote:

badgolferman wrote:

Jim Ford, 12/26/2006,3:32:22 PM, wrote:

He obviously knows a lot about security

Maybe not. If he really knew a lot about security he would be
willing to offer advice. I'd say he knows a lot about arrogance.

Actually this one rather belongs much more to a meta discussion. Your
problem is not a concrete security problem, but the lack of concept
and knowledge. Offering concrete advice won't solve this more
fundamental problem.

And I've pointed out some concrete consequences of this problem:

- NAT routers aren't firewall or security devices.
- Monitoring connections doesn't require extensive packet filters with
state machines, but just standard operating system tools requesting
such information directly from the OS.
- Outbound filtering doesn't work. Never did, never will, beside the
wishes because it would be nice if it actually worked. And the reason
is inter-process communication, some feature that you wouldn't like
to miss either.

Thank you for the informative response.