Re: Why aren't there ANY firewalls?



On Thu, 21 Oct 2010 15:01:39 -0500,
ibuprofin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Moe Trin) wrote:

On Thu, 21 Oct 2010, in the Usenet newsgroup comp.security.firewalls, in article
<92g0c65ajgk3fkmipiv87755tuubn2upud@xxxxxxx>, spamdrew@xxxxxxxxxxx wrote:

Forgive my naivete (and perhaps excessive subject)
but it seems to me that internet communication all comes
into a PC though a single port at a time and therefore through
a "bottleneck".

A single port - but there are 65500 of them for TCP, 65500 more for
UDP, and many more than one may be open or having a conversation at
a time.


No - a single input port. One chip. Ports are created by software
later.


Is there some reason we can't just have a blacklist and a whitelist
with tick boxes against plain text strings to block or allow specific
things passing through that route?

How big is the display you're looking at? Can you even find a single
tick box in a sea of several thousand? Or are you expecting to see
filters based on RFC3514?


Several thousand? Hardly. If that were the case all so-called
firewalls would have that issue.


3514 The Security Flag in the IPv4 Header. S. Bellovin. April 1 2003.
(Format: TXT=11211 bytes) (Status: INFORMATIONAL)

Perhaps it would also help if you read RFC1925

1925 The Twelve Networking Truths. R. Callon. April 1 1996. (Format:
TXT=4294 bytes) (Status: INFORMATIONAL)

especially points 6 through 11.


Not interested. Asking here.

Perhaps you'd need one for text itself eg www.spam.net or
123.123.123.123 and another set for commands (ie block ICMP or block
ARP / HTTP) along with logical AND and OR linking if required (eg
www.spam.net AND HTTP or whatever) .


Blocking ARP only works on the local wire. As of about a week ago,
there were 3160102088 (3160 million) IPv4 addresses allocated or
assigned around the world, in 105007 networks. Are you going to block
each one individually? What about IPv6? That's a lot of check boxes.


Rubbish.
And really not the issue. Respond to the issue. Nonsense counts
again.


As far as I can see there is no way for a reasonably literate but
novice "net user" to gain any form of firewall. They all come
configured with so many holes they seem effectively pointless.


No, that's the problem of the user who doesn't want to read any
instructions - they just want to click some icon and have everything
fix itself. The world doesn't work that way. Looking at the headers
in your news article, it shows:

The headers in my article are rewritten by an anonymous re-poster. I
have to read a message back to even know what they are myself.
Personal attacks are idiotic and unhelpful to say the least.

Yes - I just want to click an icon but only if I have to. Exactly
right. There is no reason why not. None whatsoever.

And your obvious lack of understanding of what you are talking about,
hidden in a bunch of nonsense you've half read on some wiki somewhere,
doesn't help anyone.


X-Trace: newsfe19.ams2 1287669064 213.48.36.3 (Thu, 21 Oct 2010 13:51:04 UTC)
X-Newsreader: Forte Agent 1.93/32.576 English (American)

So it's virginmedia.com/Telewest in the UK, and yet your news reader is
configured for American English. That's just one example of people
expecting things to work without them checking or understanding anything.

Old guy

Mouthing off about things you obviously don't and can't possibly
understand is pretty stupid.

If you can't relate to the questions asked keep it shut and stop
wasting people's time.
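The thread argues over whether a firewall can be a tick-box list of addresses and ports. As an added illustration that is not part of the original post, the following shows how a stateless packet filter actually expresses policy: a short ordered list of rules over source address prefixes, protocols and destination port ranges, with a default-deny fallback, so that four rules decide on every one of the 2^32 IPv4 addresses without a checkbox per host. It also goes one step past the thread by showing the "what about IPv6?" failure mode: an IPv4-only ruleset never matches a v6 source, so the default policy is what protects you. The rule syntax, the sample policy, the packet samples and the names (Rule, Packet, decide, addresses_covered) are constructed for this example and are not from any product or from the posters.

```python
"""Minimal first-match, default-deny packet filter (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    proto: Optional[str]               # "tcp", "udp", "icmp", or None for any protocol
    src: Network                       # source prefix; one rule covers every address in it
    dports: Optional[Tuple[int, int]]  # inclusive destination port range, None for any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str                           # source address as text, v4 or v6
    dport: Optional[int] = None        # ICMP carries no port


def make_rule(action: str, proto: Optional[str], src: str,
              dports: Optional[Tuple[int, int]] = None) -> Rule:
    """Build a Rule from a prefix given as a string such as '192.0.2.0/24'."""
    return Rule(action, proto, ipaddress.ip_network(src, strict=False), dports)


def matches(r: Rule, p: Packet) -> bool:
    if r.proto is not None and r.proto != p.proto:
        return False
    # A v4 prefix never contains a v6 address and vice versa (ipaddress returns
    # False for the version mismatch), so an IPv4-only ruleset silently falls
    # through to the default policy for IPv6 traffic.
    if ipaddress.ip_address(p.src) not in r.src:
        return False
    if r.dports is not None:
        if p.dport is None:
            return False
        lo, hi = r.dports
        if not lo <= p.dport <= hi:
            return False
    return True


def decide(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched gets the default policy."""
    for r in rules:
        if matches(r, p):
            return r.action
    return default


def addresses_covered(rules: List[Rule]) -> int:
    """Source addresses the rules make a decision on (overlaps counted per rule)."""
    return sum(r.src.num_addresses for r in rules)


# Constructed policy for an Internet-facing host (assumption, not from the thread).
# Ordering matters: the single-host deny sits before the subnet allow it carves out.
POLICY = [
    make_rule("deny",  "tcp",  "192.0.2.66/32", (22, 22)),    # one blocked admin box
    make_rule("allow", "tcp",  "192.0.2.0/24",  (22, 22)),    # SSH only from the admin LAN
    make_rule("allow", "tcp",  "0.0.0.0/0",     (443, 443)),  # HTTPS from anywhere
    make_rule("allow", "icmp", "0.0.0.0/0"),                  # ping from anywhere
]

if __name__ == "__main__":
    # Constructed sample packets; nothing here was captured from a real network.
    samples = [
        Packet("tcp", "192.0.2.10", 22),    # admin LAN -> allow
        Packet("tcp", "192.0.2.66", 22),    # blocked host -> deny (first match)
        Packet("tcp", "203.0.113.5", 22),   # stranger to SSH -> deny (default)
        Packet("tcp", "203.0.113.5", 443),  # stranger to HTTPS -> allow
        Packet("udp", "203.0.113.5", 443),  # wrong protocol -> deny (default)
        Packet("icmp", "203.0.113.5"),      # ping -> allow
        Packet("tcp", "2001:db8::1", 443),  # IPv6 source, v4-only rules -> deny (default)
    ]
    for p in samples:
        print(f"{p.proto:4} {p.src:>12} dport={p.dport} -> {decide(POLICY, p)}")
    print(f"{len(POLICY)} rules decide on {addresses_covered(POLICY)} source addresses")
```

The point of the last line is the one Moe Trin was making: a single `0.0.0.0/0` rule already covers 4294967296 addresses, which is why real firewalls are written as prefixes and port ranges rather than as a checkbox per host. The v6 sample shows the other half of his objection: if nobody adds IPv6 rules, the default policy, not the allow list, is what decides.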




